Travel system and methods utilizing multi-application passenger cards

ABSTRACT

A travel system and methods that encompass a plurality of service providers and multi-application passenger cards so as to automatically compile, issue, utilize, and process the portable passenger cards for traveling purposes, purchase of travel-related goods and services, and for the implementation of other card-based applications. The multi-application cards are realized by smart debit and/or credit card technology and have the ability to store and activate a traveler&#39;s permit for transportation and other travel services; as well as to host and employ a monetary value for electronic payment means. Biometrics identification of cardholders, as well as cryptographic certification of card data and travel-related information, can optionally be encoded onto the cards and can be verified, including validated, at various point-of-service locations upon presentation of the card for utilization.

This application claims the benefit of Provisional Patent ApplicationSer. No. 60/050,648, filed Jun. 24, 1997.

BACKGROUND OF THE INVENTION

The travel system and methods are intended to be used throughout thetravel industry, including by passengers, providers of travel servicesand transportation means, financial institutions and transactionprocessors offering electronic payment means and clearing of thosepayments, and by service providers of other travel-related services. Tofacilitate the intended use, a portable passenger card will be utilized.The card will be compiled and issued as a multi-application means forstorage and processing of data and information, decision logic supportand communications purposes, and identification and authenticationschemes; as well as for hosting a traveler's pass, payment purse and aplurality of application-specific traveling services.

The system deploys a plurality of functional components and a set ofcomputer programs to implement its operational tasks, including thecommunications of data and the usage of the passenger card between andamong the above system user.

The functional components encompass, for example, PCs or other computingplatforms, POS-terminals and PIN-tablets, ATM-machines, card read/writedevices, biometrics boxes and other computer peripherals, and thepassenger card per se. These components are connected via amulti-directional communications link to allow the exchange ofdata/information between and among the systems entities including thecardholder. The system components are off-the-shelf hardware devicesthat can be purchased from retailers/computer stores, procured fromcomponent manufacturers or its distributors, or acquired from providersof networking/communications services. The communication links can beimplemented via the Internet or any other commercial available,wire-based or wireless network technology.

The computer programs perform the house-keeping assignments, computingand decisioning functions, application-specific routines, and thecommunications/networking tasks necessary for the system's operationsand card usage. These programs further include security means, such ascryptographic schemes, digital signatures and authenticity codes, toprotect the system, cardholders and card contents against fraudulentuse. The software programs reside within the system's componentsincluding the electronic passenger card. In this way, acardholder/system user can instruct the system to select and execute aplurality of computerized means or operational functions under theauspices of the software programs and the guidance of command buttons,template files and pull-up/pop-down menus embedded into the system orstored in the card.

The system further comprises a database scheme for storing a set of dataand information in a distributed manner among a plurality of databasecomponents associated with the plurality of system users, including thepassenger card. The database scheme comprises means for automaticallyinterchanging a selected number of data elements, from among said set ofdata/information, between and among all database components via thecommunication link whenever such data elements are inputted includingmodified by a particular system entity. In this way, the network ofsystem database components, including the passenger card per se, actsand behaves as a single integrated database that always contains andautomatically delivers--anytime, anywhere--the most up to date set ofthose data and information.

SUMMARY OF THE INVENTION

Based upon the features and objectives of the travel system and methods,advantages of this invention include reduced administrative costs,improved productivity, better quality of service, and higher revenuesassociated with the issuance, usage, and processing of the computerizedcards as compared to the deployment of paper/plastic-based travelingdocuments and of conventional payment methods.

The lower administrative costs are the result of less personnel neededfor the automated issuance and maintenance of computerized passengercards as compared to controlling and following-up on paper-baseddocuments or printed media; of less resources and telecommunicationscosts required to collect and clear electronic payments as compared tocash, checks or plastic-based payments; and of reduced fraud facilitatedvia the card-based security features. For instance, the detection of andprevention against fraudulent use of unauthorized travel means will beautomated, and the steps of verifying passengers and use rights will beconsolidated.

The increased productivity is the result of substituting time consuming,labor intensive and error-prone manual operations, which are associatedwith traditional document processing platforms or with conventionalpayment environments, by the system's computerized means; as well as ofstreamlining repetitive tasks via electronic templates and automatedcommunications exchange. For instance, several tasks previouslyperformed by human operators for renewal purposes, can be eliminated dueto the storage of reusable traveler's permits and reconfigurableutilization rights in the card. In addition, the passenger card willalso eliminate data redundancy while reinforcing standards of practice,purging unnecessary operations, and automating repeating tasks.

The improved quality of service--when using the computerized card--isthe result of achieving faster boarding or improved throughput at thepoint-of-service location, more service or product selections to choosefrom, up-to-date information available for micromarketing and inventoryor money management purposes, and services renderable from remotelocations. In addition, there is the convenience of using the samepassenger card for transportation, identification, card-based paymentmeans, and for other travel-related applications and services. Thisconvenience factor will translate into an enhanced goodwill for the cardissuer and acceptors as well.

Higher revenues will be achieved by allowing the passenger to earnfrequent attendance and shopper points, which will lead to more loyalpassengers and increased spending habits. The card can also generateincremental sales revenues by renting out card-space to corporatesponsors, such as for promotional programs or co-branding schemes. Inaddition, incremental sales revenues can also be generated via floatincome due to unused monetary value left in the passenger card or due totraveling services paid for but not claimed yet.

It is an objective of the present invention to provide a travel systemand methods which utilize computerized cards for the automated use of atraveler's permit and of other travel-related documents, purchase ofgoods and services, and the rendering of other traveling services.

It is further an objective of the invention to provide a portablepassenger card to store, process and communicate cardholder data,travel-related information, and electronic payment means.

It is further an objective of the invention to provide for a method ofcompiling the card data elements, which are also stored and maintainedthroughout a plurality of remote database components, and of issuing thecard to a legitimate cardholder, which is entitled to use the card for apredefined purpose.

It is further an objective of the invention to provide for a method ofaltering including updating cardholder data and travel-relatedinformation previously stored in the passenger card.

It is further an objective of the invention to provide for a method ofadmitting the cardholder for a particular transportation carrier orother traveling service based on a traveler's permit stored in thepassenger card, and of verifying that the card data is authentic.

It is further an objective of the invention to provide for a method ofusing the passenger card for the purchase of goods and services offeredby the plurality of service providers, and of determining if thecard-based payment means is valid.

It is further an objective of the invention to provide for a method ofimplementing a plurality of applications via the correspondingapplication codes stored in the passenger cards; the codes define andprotect the attributes and quantity of a particular application serviceto be implemented via the passenger card.

It is further an objective of the invention to provide for a method ofcoupling the passenger card to a remote database, and for downloadinginto the card a set of data and information or for communicating to thedatabase selected card data or cardholder information.

The invention further includes a method for using a cryptographic schemeto authenticate the cardholder or system information and to guarantee asecure information exchange.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a block diagram illustrating one embodiment of a travelsystem, including the system's communication links and the structuralcomponents of a card station.

FIG. 2 is a block diagram depicting the travel system including aplurality of service providers and the functional components of a travelcenter; as well as the communication links between and among the systementities and the passenger card.

FIG. 3 is a block diagram of one embodiment of the passenger card of thepresent invention.

DESCRIPTION OF A PREFERRED EMBODIMENT

This invention relates to an automated travel system and methods forfacilitating via a portable passenger card device a plurality ofapplications, comprising storing transportation rights, serviceentitlements, and cardholder considerations into the passenger card;loading monetary values into the card and using the card for purchase ofgoods and services; presenting the card for passage through passengerstations and admission to transportation means; clearing payments madeand rendering applications or services requested via the card; andcommunicating card data and related information between and among thesystem entities.

FIG. 1 depicts the functional components of a preferred travel system inaccordance with the principles of the invention. The system and methodsallow the issuance of a multi-application passenger card to individualsfor traveling purposes, such as the use of airlines or othertransportation carriers, as well as for the rendering of relatedservices, such as on-line reservations and electronic payment means. Toimplement the system's operational tasks, commercially availablehardware components and appropriate software programs and can be used.The hardware provides the computing infrastructure and the communicationdata links that integrate a plurality of remote system entitiesincluding the passenger card into a network. The computer softwarepackages perform house-keeping functions, application-specific routines,networking and communication procedures, and utility tasks. Thissoftware also includes security means, such as cryptographic softwareprograms and authenticity files, to protect the system information andcard contents against fraudulent use. In addition, a passenger or anyauthorized user can instruct the system to select and execute aplurality of computerized means under the auspices of the softwareprograms and the assistance and guidance of command buttons, templatefiles and pull-up/pop-down menus embedded into the system. The hardwareand software are distributed throughout the system entities includingthe passenger card.

The CARD STATION (1) allows a passenger, or any other entity, tointeract with or couple to the system while planning and evaluating aparticular trip or several travel itineraries, including making theappropriate reservations and loading the related ticket and travelinformation into the passenger card. The station can further be used todownload monetary value into the passenger card, pay for travel-relatedservices via the card-based means, and upload the electronic payments toa service provider. The station can also be used to compile the contentsof the passenger card, so as to serve multiple application needs whilehosting the related application modules in the same card. Such a stationcan comprise, for example, a PC-based setting used by passengers fromhome or at work, a card service station installed as an appropriateapparatus in public places, or a portable terminal accessed and servedvia on-line communications means.

The TRAVEL CENTER (2) provides the computerized means for thecompilation and automated issuance of passenger cards and means forloading into the cards appropriate use rights, including electronicadmission or passage rights for passengers. For example, the center cansimulate and implement the tasks performed by the ticket vendingmachines installed at passenger stations, as well as the controlfunctions exercised by the related entrance/exit gates. The center canalso emulate a travel agent/office or any other marketer of travelinformation.

The SERVICE PROVIDERS (3) represent the service entities includingindividuals that support the card's usage and the system's operationswhile rendering a plurality of products and services to the passengersupon presentation of the passenger card. Such providers include theentities that provide the travel means and transportation carriers, aswell as the services that are related to the use thereof. Providersfurther include a bank or financial institution that stores anelectronic monetary value or other electronic payment means in the card,a credit reporting firm that verifies and guarantees the creditworthiness of the cardholder, a transaction processor that clears andcredits the electronic payments made via the card, or a certificationcenter that authenticates cardholders and card data. Providers can alsocomprise fast food vendors, retail outlets, concession stand owners,promoters of collectors cards, or Internet service and contentproviders.

The PASSENGERS (4) comprise the traveling individuals that use thetransportation carriers and product offerings promoted by the serviceproviders. These passengers also represent the consumers of products andservices offered by the service providers at remote locations, such asadvanced ticket purchasing stations, automated vending machines, travelagencies and entertainment entities, or providers of on-line servicesand multimedia offerings.

The distributed databases (10), (20) and (30) are associated with theplurality of remote system entities that comprise the card station,travel center and service providers, respectively. The above databasescheme comprises database storage means for storing data and informationin a distributed manner between and among those remote entitiesincluding the portable passenger card. The databases include the datarecords that relate to the system entities and to the passenger cardcontents. Further included is information including electronic templatefiles, which implement the card's usage and the system's operations.Also stored are card data and system information to implement thecommunications and data security management functions. As a function ofthe amount and complexity of the data to be stored, the databases can beimplemented via a variety of storage configurations. Solid state memory,magnetic tape, rotating media, video disks, and optical/laser media, areexamples thereof. A major feature of the system is that these remotedistributed databases including the passenger card, always contain thesame set of data that is required to qualify a passenger for travel orservice eligibility. In this way, when presented for service, thepassenger card will contain the appropriate use rights, necessaryentitlements, and adequate monetary values. The availability of thismost up-to-date data is guaranteed by the system's build-in mechanism ofcommunicating data in a real-time manner. In other words, if datachanges or service/payment activities are performed by any one of theentities, all other entities including the passenger card will beautomatically receiving this new information. Such an incrementalexchange is not only fast and reliable, but also cost effective becauseof significant lower telecommunications expenditures. The passengercard, which can act as a portable database and/or off-line processingunit, also will free the system from lengthy and costly on-line modus ofoperandi, including on-line verifications and authorizations, whileproviding the bridge for stand alone or incompatible systemsconfigurations.

To execute the means needed to communicate data and information betweenand among the passenger card and system databases, process and storecard data and database information, as well as implement the decisionlogic means and software application programs, the card stationcomprises a plurality of components.

The database (10) is linked to the other databases distributed among andbetween all system entities, including the passenger card per se. Thedatabase stores the data and information relating to the travel servicesand transportation means available for selection, to the provider oftransportation means and the passenger making the reservations, as wellas to the transactions performed between the passenger and card station.The database data includes, for example, application codes, card andsystem file templates, menu screens, and user interface modules. Thedatabase data further includes the name, mailing/business address,telephone number, and other data about the transport provider and thepassenger. The database also comprises unique identification numbers forthe passengers or providers, account numbers with financialinstitutions, security keys and access codes used for cryptographicpurposes and protection schemes, passenger lists and negative filesincluding cancelled or fraudulent account numbers, and variousvalidation codes. These latter codes are associated with the tickets orservices, which are requested by the passengers and delivered by theprovider, for proof and authentication of products/services beingrendered, including returned by passengers for exchange or formoney-back purposes. Further included is information relating to paymenttransactions, such as details about the service or merchandise purchasedwith the passenger card, electronic receipts for the cleared payments,and the passenger's purchase habits and related payment history.

The passenger card (11) includes "smart cards" that have a shape similarto plastic bankcards, but with at least one silicon chip/integratedcircuit embedded into the card package. Such cards can further includePC (Personal Computer) card formats, handheld terminals or anypocket-sized computer configurations. The embedded circuits give thecards database storage means, processing and communicationscapabilities, or display means. The smart passenger card can thereforeinput, store, process, output, and display data relating to tickets,passengers, and system entities; as well as to services rendered via thecard. The data stored in the card includes the equivalent of anelectronic ticket for a particular itinerary, use rights for a specifictransportation carrier, considerations for travel-related services,electronic money for payment, or security information for protecting thecard content and identifying the rightful card holder. The cards furthercan display data inputted into or retrieved from the passenger card. Thecard data can be retrieved from (read operation) or loaded into (writeoperation) the card via a card read/write device or via traditional datainput or retrieval means, such as a keyboard/mouse, pointing device,touch screen, or voice commands. This portable card can operate in astand-alone and/or in an on-line modus of operandi.

The card reader (12) represents a card device that can read thepassenger card's contents, as well as write information into the card;this read/write information can also be displayed onto the card reader.The card data can further be displayed and manipulated within thepassenger card or on the monitor of a computer terminal. The passengercard can communicate, via such a read/write module, with the othersystem components including equipment that captures card data relatingto text, graphics, audio or video information. This module can be astand alone device, incorporated into computer terminals via appropriateplug-in boards, or implemented by the passenger card via built-in inputor output ports.

The biometrics box (13) includes means for capturing and digitizing thebiometrics characteristics information--such as fingerprints, voice,signature, eye characteristics, or picture/facial features--of aparticular passenger. The captured biometrics can be stored in orimprinted onto the passenger card, as well as loaded into thedatabase(s). The "life" biometrics can also be compared with biometricsinformation that was previously stored in the passenger card or in aremote database, to verify, for example, if a passenger is thelegitimate card holder.

The computing platform (14) can be a multimedia personalcomputer--capable of processing and communicating text, data, audio,graphics and video--or any other computer configuration, such as ahandheld computer terminal, general purpose personal computer,client/server-oriented networks, or a mainframe-based computerenvironment. This platform facilitates the computerized means includingthe gathering, organizing, evaluating, manipulation, processing, andexchanging of data and information. The computing platform also performsthe decision logic means required for the system's implementation andthe card's usage. Such a computing platform can further be used by thepassengers to compile the card contents or request the rendering ofservices from remote locations (e.g. from their home or businesspremises).

The printer (15) allows the passenger to print out hardcopies includingpaper-based documents, such as tickets or travel statements and expensereports. When using thermal printing techniques, it can also be used toimprint text, logos, video images, or other related data and informationonto the package of the passenger card.

The components of the card station are connected via a communicationlink (16) to allow the exchange of data and information throughout thecard station. The components, including the station per se, also areconnected via a global communication link (1234) to the rest of systementities. The data links can be implemented via any commerciallyavailable wired or wireless technology, such as cable/telephone lines,Internet service networks, or other digital or analog telecommunicationsmedia.

FIG. 2 illustrates the Travel Center (2) that provides the computerizedmeans for the selection, payment and issuance of passenger cards; aswell as for the storage in the cards of appropriate service entitlementsand use rights. The center also provides the means to edit the contentsof the passenger card, so as to represent a particular cardconfiguration type. Such a center can be, for example, a ticket vendingmachine that is installed at an airport, a railroad station, or at atravel agency; as well as represent a provider of virtual services thatare delivered via remote ticket offices, electronic shopping malls, oron-line travel support functions. Also shown is a Passenger Station (31)that controls access to the transportation carriers, as well as monitorspossible connections relating to a particular travel itinerary includingalternative transportation means. Further depicted are the plurality ofservice entities that provide the transportation carriers and rendervarious services, as well as facilitate the support functions needed forthe delivery of the appropriate goods and services. The Travel/TransportProvider (32) represents the entities that provide the transport meansas well as the services associated therewith. Means for transportationmay include airplanes, railroads, ships, automobiles, subways, buses, orrental cars. The services may comprise travel arrangements, such asreservations or cancellations and electronic ticketing or payments;transportation support, such as traffic management and capacityplanning; and card-based marketing or sales promotions, such as loyaltyand frequent traveling programs or other value-added benefits deliveryschemes. The Bank/Financial Institution (33) represents the financialentity that facilitates the electronic payment process between thepassenger and transport or other service providers, including theclearing/settlement of the electronic money exchanged via thecommunication link (1234). The Network/Transaction Processor (34)provides the infrastructure and services required for the processing ofpayments and transfer of electronic funds, including for the clearingand settlement of electronic transactions and related information. TheElectronic Passenger Card (11) is the portable card used by thepassenger to reserve a ticket or to purchase goods and services.

The TRAVEL CENTER facilitates the automated issuance of the passengercards, including the loading into the card of an electronic ticket or ofa permit authorizing the passenger for a specific itinerary, whileemploying the following software and hardware components:

The database (20) stores the data and information relating to the travelservices and transportation means available for selection, to theprovider of transportation means, and to the passenger making thereservations; as well as to the transactions and communicationsperformed between the travel center and passenger. Further stored areelectronic file templates including card templates that are used duringthe selection process, including for storage and communicationspurposes. The database includes, for example, the application/servicecodes and identification numbers of transportation services and carriersavailable to passengers. The codes authorize and trigger theimplementation of the card-based applications. The codes are associatedwith the tickets or services requested by passengers, for proof andauthentication of products/services being rendered by providers and usedby cardholders, or returned by passengers for exchange or forcancellations, including for money-back purposes. The numbers are usedto uniquely identify a particular transportation carrier a passengerbuys a ticket for. The database also stores authenticity files andidentification numbers of the passenger cards that are issued to orrequested by the passengers; these files and numbers correspond to theauthenticity codes and card numbers stored in the passenger cards. Thedatabase data further includes the name, mailing/business address,telephone number, and other data about the transport provider and thepassenger. The database data also comprises unique identificationnumbers for the passengers or service providers, passenger lists,account numbers with financial institutions, negative files includingcancelled or fraudulent account numbers, as well as security keys andaccess codes used for cryptographic purposes and protection schemes. Thedatabase further comprises a set of service or payment points that areunderwritten by the provider, or any other entity. The points can beloaded into the passenger cards and accepted thereafter by selectedservice providers or by entities, as legal tender or as appropriatetrade-ins. For instance, passengers can use the points for paymentpurposes or for exchange with certain use rights. The database furtherincludes information relating to payment transactions, such as detailsabout the service or ticket purchased via the passenger card, electronicreceipts for the cleared payments, and the passenger's purchase habitsand related payment history. Concerning the latter, the database alsogathers marketing data about the passenger's travel itineraries,including the type and amount of services requested and productspurchased at a particular location or over a specific time period. Thedatabase data further comprises certification numbers used forauthentication of data and information that is communicated between andamong the system entities including the passenger card. The databasefurther comprises an audit trail concerning the system's operation andcard's usage, including details about the selections made and dataloaded into the card. This audit trail establishes the concept ofnon-repudiation with the help of a "Who did What-When-Where" recording;the recording is tamper proof and non-erasable.

The user interface module (21) allows the passenger to interact with thetravel center while instructing the center, or system componentsnetworked therein and entities linked thereto, to execute the arithmeticand logical functions required for the compilation of the passenger cardcontents, and to implement the related storage tasks and communicationsroutines required for the loading and exchange of data and information.To select the instructions and input or output data, various means, suchas a keyboard, mouse, pen, track ball, voice command, touch screen, orwireless communications technologies, can be used. This module alsodisplays onto a built-in monitor or computer screen data inputted orretrieved by the passenger, as well as information provided by thesystem entities. The monitor/screen can also display instructions abouthow to proceed while guiding the card user through the process ofselecting a particular task to be performed. For instance, the userinterface lets the passengers select and compile the details of aparticular trip, request the issuance of an electronic ticket, pay forthe ticket, and load the ticket and appropriate service entitlements oruse rights into the passenger card. Also stored in the card can be amonetary value for electronic payments or security information forprotecting the card content and identifying the rightful cardholder.Passengers can also select a new card from among a set of predeterminedcard types, manipulate the contents of cards previously issued, storesecurity information into the card, or tailor the passenger card contentfor a particular application.

The travel map (22) lets the user explore various travel itineraries,while automatically providing alternative routes and relatedrecommendations. For example, the passenger inputs into, or points andclicks on, the map the departure and destination locations, includingthe date of travel and number of tickets requested. In response thereto,the map compiles and provides a set of possible itineraries, includingthe ticket price and the departure and arrival times associated with therecommended alternatives. Should the trip require any connections, themap will also provide the necessary information, including the type ofcarriers and time/location of transfer. After a travel selection ismade, the map will request appropriate payment and if adequate paymentis provided, the selected information including electronic ticket andtype of transportation carrier can be loaded into the passenger card. Inaddition to compiling a particular travel itinerary or reserving aspecific trip arrangement, the service map can also evaluate alternativetravel plans as a function of restrictions imposed by the passenger whenrequesting a ticket or transportation permit. For example, the passengercan instruct the map to recommend an itinerary that doesn't cost morethan a predefined dollar amount or that needs to start and to concludewithin a predefined time period, as well as to reserve a ticket that isvalid for a particular seat assignment. The above dialogue andselections can be made directly on the map and/or via the user interfacemodule; for example, via touch-sensitive means or conventionalinput/output means. To aid the passenger during the selection andevaluation process, the map can display, for example, the seatingarrangements of a carrier, layout of premises and buildings, points ofattractions, as well as the maps of streets, countries and the globe.For instance, the seating map can display the floor plan, including thestatus of seats that are still available, of a transportation carrierand allow the passenger to select the desired seating arrangements andrelated admission rights for that particular carrier; the selectionprocess can be accomplished by pointing and clicking onto the seat thatis displayed on the map. The selected seat assignments are alsocommunicated in real-time to any other travel center that is authorizedto sell tickets for the same carrier. The instantly available seatinginformation across a network of ticket offices also facilitates thepurchase of tickets from remote locations. For example, the cardholdercan access, from home, the database containing seat assignments via thepassenger card and/or a computer terminal, select and pay for the seatlocations, and load the selections made into the passenger card as thecorresponding ticket.

The card slot (23) allows the passenger/user to insert or retrieve thepassenger card (11), including to couple the card to the travel center,for the purpose of reading (retrieving) and writing (loading) the carddata, as well as of displaying or manipulating the card contents. Thecard slot (24) provides the passenger with a new card in response to thecompilation of a blank card or to the selection of a predefined cardtype provided by the travel center. This slot can also print-out a labelor provide a sticker showing the data stored in the card, such asinformation relating to the ticket and transportation carrier; thelabel/sticker can be affixed onto the passenger card, attached to anyother media, or used as is. The new card can be compiled, includingdisplayed onto the user interface module, or selected from the card tray(25) that contains a plurality of card types and predefinedconfigurations. While compiling or selecting a new passenger card, thecardholder also has the option to choose from various text, logos,artworks, or audio and video files provided by the center. The compiledinformation and selected options can be loaded into or imprinted ontothe card.

The banking module (26) allows the passenger to pay for the tickets orfor new passenger cards, as well as to load a monetary value orelectronic payment points into the passenger card. To purchase thetickets or cards, the passengers can select appropriate payment meansfrom among a set of options (27) that include cash, checks, ATM(Automated Teller Machine) cards, credit/debit banking cards, or apassenger card. The banking module verifies the received or requestedpayment data and related information for the purpose of authorizing andsettling the appropriate payment options. This verification and clearingprocess can be accomplished via a network transaction processor bycommunicating with the banking module for the purpose of settling theappropriate fund transfers, or via the passenger card by deducting themonetary value or payment points previously stored in the card. The cardslot (28) accepts the credit/debit card, check, passenger card or anyother media representing a particular money equivalent, so as to capturethe information recorded or imprinted onto such media. The capturedinformation can be used in conjunction with the payment data for theimplementation of the selected payment option, as well as for thestorage in the card as a monetary value. In the later case, thisinformation can be digitized and stored in the passenger card as anelectronic representation of traditional payment means. For instance,the banking module facilitates the storing in the passenger card ofelectronic payment forms, which represent cash or plastic-based bankingcards, together with digital money allocated thereto. The monetary valuecan also be downloaded via on-line communication means, such as from achecking account or line of credit. Also loaded into the passenger cardcan be electronic payment points, which represent use or consumptionrights underwritten by the non-banking entity. For example, thetransport provider provides the passenger, in exchange for adequatepayment or a predetermined amount of travel miles, a set of paymentpoints that can be used for future purchases of tickets or services atselected providers accepting those points. After acceptance, the paymentpoints can be redeemed by the transport provider and credited to theproviders' account as traditional money.

The module (29) serves as a two-way communication means to exchangeaudio, video, or any other data and information between the passengerand the entity that services and maintains the travel center. Forexample, this capability can be used to report issues observed or tosolve problems encountered by a passenger engaged into a dialogue withthe travel center.

The PASSENGER STATION monitors and controls access to a particulartransportation carrier, as well as to connecting carriers usedthroughout different travel segments of a particular itinerary. Thestation manages the passenger flow to or from the transportationcarriers while verifying the card-based ticket, including relatedinformation stored in the passenger card, via the access control modules(111) and (112). These module can be installed at the entrance or exitgates at the premises where passengers can board a transportationcarrier (e.g. at railroad stations or airport facilities) or wheretransportation vehicles can have access to (e.g. at toll bridges orcargo ships). The modules can also be placed on the transportationcarrier per se (e.g. on a bus or any other public transportationvehicle). Upon coupling the passenger card to the control module, themodules monitor the admission to or departure from the premises--oraccess to or exit from the carrier--while reading the card-based ticketinformation and other related card data. In this way, the modules can,for example, verify the passenger's identity or compute the number ofpassengers boarding the carrier, so as to compare the passengers beingadmitted against the list of authorized passengers or the carrier'smaximum capacity. The modules can also compile the total number ofpassengers being admitted/transported over a predetermined time period,including by a particular transportation carrier. Such demographicsinformation, together with other passenger or travel related data, canbe gathered and forwarded to the transport provider formarketing/promotional programs. The modules can further compile theavailability of open seats, if reservations are required or thecarrier's capacity is monitored, as well as match the ticket holderswith their luggage items. In the latter context, the passenger's luggagewill be identified at check-in time; for instance, with a tag using abar code means. The tag-related information will also be included intothe card-based ticket, so as to allow the cross-reference betweenpassengers, who have boarded onto the carrier, and the luggage items,which have been loaded into the cargo hold of that carrier. As anoutcome of this comparison, the module can flag that all luggage isaccounted for and could be correlated to a particular passenger, or thatsome items have no owner and therefore should be removed because nomatching passenger could be established. The module can also convey amessage if a luggage item was checked-in but not loaded yet onto thecarrier; for example, the control module can detect the missing itemwhen verifying the card-based ticket at boarding time and alert thecarrier-personnel accordingly. The modules can also scan ID(Identification) documents for the purpose of retrieving and evaluatingselected information recorded onto such documents. For example, the DOB(Date Of Birth) data or the cardholder's picture can be captured from avalid driver's license to determine the age or physical appearance ofthe passenger presenting the license. Also captured can be theinformation from a passport, such as the passenger's place of birth andcitizenship, or data from other paper/plastic-based documents. Suchinformation/data can be verified, including compared against Governmentdatabases, so as to authenticate the background of the passenger orprovide the data required for other travel-related purposes.

The card slots (111.1) and (112.1) allow the cardholder to insert andretrieve the passenger card, including to couple the card to the controlmodule, so as to permit the module to read the card data including theelectronic ticket stored in the card, verify the card data, and storedata in the card. This card-based ticket information can also beprojected onto a display panel that communicates with the controlmodules. If the passenger card is authentic and contains the appropriateaccess rights, the control modules allow the passage through the gatethe modules are coupled with; otherwise deny the passage includingsignals the unauthorized attempt. For instance, if the card-based ticketqualifies a passenger to use a particular transportation carrier, accessto that carrier is approved; otherwise a message conveyed that thepassenger must use a different carrier or purchase another ticket. Or,if the electronic ticket stored in the card contains a valid seatassignment with the correct time, date and location, then the mechanicalarm activated by the control module permits the passenger to enter orexit the premisses; otherwise passage is blocked through the gate. Ifapproved for passage, an appropriate admission, or exit, stamp will beloaded into the passenger card. These stamps, which contain time-stampedinformation relating to the tickets or any other permit, are tamperproof and can be stored only by the control module. For instance, theadmission stamp identifies the cardholder as being lawfully admitted,via the card-based ticket, to use a transportation carrier, including toaccess the premises where the carrier is based. The admission stamp alsovoids the card-based ticket once admission is approved and/or access orboarding accomplished, so as to inhibit the fraudulent use of the sameticket for multiple trips that are not qualified via that ticket. If theticket qualifies the passenger for a return trip or connectingtransportation means, the appropriate ticket-segment(s) will bepreserved for the return or connecting trip. This can be achieved bycompiling a master-admission stamp that generates the set of appropriateslave-admission stamps corresponding to the individual ticket segments,or by generating a set of consecutive admission stamps whenever the cardis presented for those particular segments of the trip. The admissionstamp is valid only for a particular itinerary and cannot be used inlieu of a ticket for another travel purpose; for example, it is validfor a predetermined time period(s) or a predefined transportationcarrier(s), but will be automatically erased once the access rightsbecome invalid or after the journey concludes. For instance, theadmission stamp will be voided whenever a passenger leaves the carrier,including the premises the carrier is stationed at, unless the card ispresented to the control module at the exit gate with the intent ofre-entry to the same carrier/premises or to access connecting carriers.For example, when the card is coupled to the exit gate, the controlmodule will verify the admission stamp previously stored in the card,and if successful, generate and load an appropriate exit stamp into thepassenger card. When presented at the entry gate, the card-based exitstamp will be verified, and if valid, allow the passenger to passthrough the entry gate or board the carrier. If more than one carrier,including different premises, will be used by the passenger duringconnecting trip segments, access to those carriers/premises will begranted via the master-admission stamp stored in the card at thebeginning of the trip, via the individual admission stamps compiledwhenever the card is presented to the control module(s) at the relatedentrance gates, or via the exit stamp generated after exiting orconcluding a previous trip segment. The admission stamp also preventsthe use of more than one ticket for the same seat assignment or the sametransportation carrier. The control module prohibits the compilation ofmore than one admission stamp based upon the same ticket, as well as ofmore than one exit stamp based upon the same admission stamp. This stampcan be further used to qualify the passenger for certain privileges orconsiderations; for example, to receive a free gift or frequent travelmileage for being the one millionth passenger taking a particularitinerary or using a particular carrier.

The biometrics modules (111.2) and (112.2) at the entrance and exit gateserve as an additional security means for controlling the passenger flowand for safeguarding the passenger cards. These two modules can be usedto capture the passenger's biometrics characteristics, such asfingerprints or voice imprints, and compare the captured data withbiometrics information previously stored in the passenger card; thecaptured biometrics can also be loaded into the card or any of thesystem databases. For example, a passenger might want to protect atravel permit or ticket, which is hosted by the passenger card, whileattaching a particular biometrics to the card-based permit/ticket. Whenpresented at the entrance gate, the control module requests confirmationand the cardholder must provide the identical biometrics to unlock thetransportation rights; otherwise the permit or ticket cannot beretrieved nor displayed, and access is not allowed. Or a ticket holderleaving the carrier or premisses, might want to capture and temporarilystore a particular biometrics in the passenger card to make sure thatnobody else can use the card for re-entry, including multiple accesspurposes. When the passenger card is presented at the entrance gate, thematching "life" biometrics must be provided in addition to the exitstamp, to have access allowed; otherwise re-entry is denied. Inaddition, these modules can also provide the input means for scanningthe physical appearance of a passenger and for communicating it to thecontrol module; the appearance can then, for example, be comparedagainst the photo scanned from an ID document or the picture stored inthe passenger card per se. To safeguard the process of using biometricsinformation for multiple re-entries, the biometrics modules at theentrance gate can be used only by passengers arriving for access orboarding purposes, and the biometrics module at the exit gate only bypassengers leaving the carrier including the corresponding premises.

FIG. 3 illustrates the functional structure, including the electroniccard template of the multi-application passenger card, which facilitatesthe card's computerized means for compiling the card contents and forcommunicating data and information between and among the remotedatabases including the portable passenger card. The means includes thecapturing, inputting, storing, retrieving, displaying, evaluating,computing, processing, and exchanging of the data/information needed forthe card's usage and the system's operation. The card contents can alsobe manipulated, displayed, and exchanged via commercially availablecomputer terminals, such as personal computers, POS terminals, orautomated data collection and inputting means that are coupled to thepassenger card. To safeguard the card contents and protect the dataexchange, the card issuer, system entities or cardholder can loadauthenticity data and security information into the passenger card. Toallow the communication between proprietary platforms, the card data anddatabase information can be automatically translated or converted from aparticular data format and contents into data/information with anotherformat and contents. The passenger card comprises a plurality of datafields, distributed between and among the card and/or system components,to facilitate the card-based functions and operational tasks of thesystem.

The BUTTON fields trigger and facilitate the storage, processing, anddecision logic means required for the implementation of arithmetic andlogic operations, as well as of communications management functions.Such means retrieve and display, for example, the card data, edit thedata, and store the edited data in the card or communicate it to theremote databases. Such means further process monetary values stored inthe card for the payment of travel tickets or for other goods andservices, compute the required payments and the remaining card balances,attache a time stamp to the computations, and communicate the resultswith the card and databases. Such means further verify the validity andexpiration dates of the benefits data stored in the card, checks theauthenticity of the card data, and determine if a passenger card shouldbe approved or denied for access to a carrier or for other services.When selected, these buttons display a set of pop-up or pull-down menusthat aid the user in understanding and implementing the card'soperation.

The CARDHOLDER/PASSENGER BACKGROUND field comprises data andinformation, which relate to the passenger and the framework thepassenger card can be used within, as well as an Instruction-Window,which provides and displays a set of help-functions to guide thecardholder through the steps of compiling and using the card data. Thestored information includes, for example, the passenger's demographicsdata such as name, address, birth date, and telephone number; cardholderidentification information such as a passenger ID number, SSN (SocialSecurity Number), or check guarantee number; and an electronicrepresentation of cardholder documents such as a driver's license,identity card, or passport. Also stored are the overall terms andconditions the passenger card has to conform to when being used, dataand information about the card's eligibility for a particular itineraryor a specific application/service, information about the cardutilization including services rendered and travel performed via thepassenger card, and the passenger's credit history including approvalsor declines of card-based payment transactions or fund transfers. Thestored background data elements comprise plain data that can bedisplayed and modified by all system users, restricted information thatcan be accessed or manipulated only by an authorized entity or by thecardholder, and certified data that can be retrieved and viewed butchanged only by the certification center. Data and information can alsobe inputted into the background-field, including the instruction-window,after the passenger card is issued. For example, a cardholder can enteradditional data, such as time management information to tailor the cardfor a particular card utilization purpose, or a issuer of card-baseddocuments can update the document-related data, such as a license or theimmunization pass with new information.

The TRAVEL OPTIONS field provides a plurality of transportation carriersand related services, as well as various payment means and cardconfigurations, that can be selected or compiled and implemented via thepassenger card. Based upon the selections, including consumptionstriggered via the passenger card, this field can also be used toimplement loyalty programs that let cardholders earn frequent traveleror shopper points for trips made with a particular transportationcarrier or for purchases initiated at a particular merchant. The points,which will be stored in the passenger card, have value similar to cashand can be redeemed at carriers or merchants participating in such aprogram; for example, by initiating future trips/purchases with thepassenger card or by trading-in the points for cash. In this field isalso incorporated an Instruction-Window, which guides the card userthrough the steps of selecting or using the transportation and servicemeans and of compiling or inputting the payment account data and thecard configurations. This window provides and displays instructions thatdescribe the choices available for a particular task, recommendationsabout how to proceed, and consequences associated with a particular taskor recommendation being selected. The window also explains the outcomesassociated with a particular command or function being executed, as wellas display the detailed information relating to the selected travel oradmission tickets and to the utilized payment forms or cardconfigurations data. The travel options field comprises the selectionand payment sections.

The SELECTION TRANSPORT/SERVICE section allows the card user, includingthe system, to choose a particular transportation carrier from among theplurality of carriers, which facilitate appropriate travel means by air,sea and land; and select a specific service from among a menu oftraveling services, which relate to goods and services provided via thepassenger card. The transport-related data comprises, for example, theelectronic representation of tickets for a particular itinerary,including the appropriate seat assignments and access rights, and thedetailed information about the carrier to be used thereby, including therelated type and identification of the carrier; as well as the itineraryto be followed and sites to be visited thereby, including the location,date and time of the corresponding departure(s) and arrival(s). Thetickets can be identified via a unique ticket number, as well as viapassenger-related information, such as name and address, or selectedinformation about the carrier or itinerary, such as name of the travelagency or amount paid for the ticket. The passenger cards can store asingle ticket or host a set of tickets for several passengers. Theservice-related data comprises, for example, a set of benefits data thatentitle the passenger to specific rights or considerations uponpresentation of the passenger card. Such benefits may include advancedseat reservations, selected upgrades, free admission to events,automated check-in and boarding capabilities, serving of special meals,purchase of discounted merchandise, as well as the accumulation of bonuspoints for frequent travel and selected purchases.

The above transport/service data can also be viewed and/or manipulatedvia the Scroll-Window. This window allows card users to browse throughthe list of carriers and services available to the passenger, displaythe related information, and make appropriate selections. For instance,the passenger can use the scroll bars to select a specific airlinecarrier, display the seating guide, and make a ticket/seat reservation.The passenger can also locate a particular ticket via the correspondingidentification number, retrieve the information relating thereto, andmake any necessary modifications. The reservations or modifications canbe stored in the passenger card, including communicated to theappropriate system databases as well; a particular seat assignment thatis reserved or changed via the passenger card, has to be validated bythe transport provider's database. In other words, although thepassenger card can be used to pre-select or change a particular seatassignment, including the type of carrier and date and location ofdeparture/arrival, the card needs to forward the seating information tothe provider database to have the seat assignment confirmed. Forexample, after compiling a request for an airplane ticket via thepassenger card including an seating guide stored therein, the card willlog-on to the airliner's seating map, including to any other remotedatabases networked thereto, communicate the ticketing request, andafter receiving approval, store the electronic ticket in the passengercard. Only this map, including any database linked thereto, has theauthority to make the final ticket reservation, including to accept newseating requests or to change previously made seat reservations.

The PAYMENT/CONFIGURATION section allows the card user, including thesystem, to manage the selection and usage of various payment forms andcard types for the purpose of electronic payments and of card templateconfigurations. The Status-Window can display the payment forms and cardconfigurations, as well as facilitate the manipulation of selectedpayment information or card data. For instance, the window lets the carduser locate and retrieve detailed information about the individual formsor specific configurations that are stored in the passenger card. Alsocommunicated and displayed can be payment information or configurationdata that is stored in and retrieved from a remote database and/orinputted by the card user. Once displayed, the data/information can beused as is, or edited and stored in the passenger card or communicatedwith remote databases for later on usage. The window also provides themost up-to-date status of the payment information and card data, as wellas a history of data previously selected.

The electronic payment forms comprise payment options that representcurrencies or other traditional paper/plastic-based banking cards via anelectronic monetary value stored in the passenger card. Associated withthese forms is a set of account information, such as the maximumdebit/credit limit, effective and expiration dates, cumulative amountspent so far via that form, and the balance remaining in the card forfurther purchases. The forms can also simulate those traditional paymentmeans while automating the authorization and clearing tasks viaelectronic data links to communicate with the appropriate transactionprocessors. The payment forms can further comprise promissory notesendorsed by a non-banking entity, such as the transport provider, andaccepted by the service providers for the purchase of goods andservices. For instance, such type of notes can represent electronicpayment points that will be settled by the entity the way commercialbanks clear payments made via their paper/plastic cards; the settlementoccurs after the points have been forwarded by the provider thataccepted such points as legal tender. The payment forms can beidentified via a particular name, specific account number, or via anyother unique identifier. If a particular payment form is used for apurchase, the card-based balance will be compared with the payment duefor that purchase. If this remaining balance is equal to or greater thanthe due payment, the card-based payment form, including the storedmonetary value, can be used to pay for the related merchandise orservice. When approved by the cardholder, the payment due will bededucted from the remaining balance and forwarded to the merchant. If acard-based payment is used, the payment due will also be added to thecumulative spending amount which reduces the remaining balanceaccordingly; the cumulative spending amount is deducted from the maximumdebit/credit limit to yield the remaining balance. If the payment due ismore than the remaining balance, the selected payment form cannot beused for payment; the remaining balance has to be augmented or anotherpayment means used. The remaining balance can be increased by reducingthe cumulative spending amount and/or by increasing the maximum limitassociated with that particular payment form. This can be achieved, forexample, by the cardholder paying off at least a portion of the balanceowed to a bank, and by the bank reducing in response thereto thespending amount accumulated in the card. Or, the bank can increase thecredit/debit limit for that payment form, and store the higher maximumamount into the passenger card; the increased amount will recharge thedepleted amounts. The cardholder can also augment the remaining balanceby transferring a monetary value from another payment form, ordownloading some payment points, to increase the maximum amount or lowerthe cumulative spending amount stored in the card.

The card types comprise a plurality of card configuration templates, aswell as electronic pointers and built-in communication links to thosetemplates and to remote database information, that support themulti-application scenarios via a single passenger card. The templatesprovide the structure for the various card contents that are configuredto specific application needs. Such a structure comprises, for example,the framework for a predetermined number and type of data elements,including the various formats and related contents for those dataelements, that will be stored throughout a set of predefined data fieldsin the passenger card. Selected data elements can also be imprinted ontothe card package. The knowledge-based pointers locate the card templatesvia a unique configuration number or application code, retrieve thetemplate, and display the structure associated therewith, so as to allowthe viewing and/or inputting of data. The data communication links allowthe exchange of information between and among the card contents andremote system databases. To implement a multiple application scenario,the passenger card evokes a set of application-specific applets that aretailored to a particular application task. These applets arejust-in-time software programs that are highly modular andmachine-independent. In this way, these software applets are reusableand reconfigurable to serve new or multiple applications with the samepassenger card. The applets can also be dispatched across a network ofservice providers, such as the Internet, and assembled dynamically onany point-of-service for a specific application, regardless of locationor type of computing platform installed at those providers. Let'sconsider, for instance, a multicarrier passenger card that entitles thecardholder to use a predetermined number of transportation carriers fora particular itinerary or over a predefined time period. When presentedfor service, the passenger card will locate, retrieve and trigger theappropriate software applets to authenticate the card and to identifythe cardholder, gain admission to the premises where those carriers arestationed, validate the boarding of the carriers, compile the necessaryconnections, and verify the time-related restrictions.

The data and information relating to the transportation carriers, travelservices, payment forms, and card configurations can also be earmarkedelectronically (e.g. with identification numbers or security keys) bythe underwriter of the card data, so that authentic data/informationwill be forwarded securely to the recipient. Such a recipient cancomprise the travel center, any of the service providers, or thepassenger card per se. A particular card data can also be protected viathe recipient's identification number or security key (e.g. attached tothe data), so as to allow the use of the communicated card data only bythe entity intended to receive the data. For example, a bank attachesits identification number to a credit card payment form and encrypts theform with its security key. To make sure that only a particularcardholder can use the payment form, the bank might also capturebiometrics information or enter a security key of that cardholder andattach the captured information or the inputted key to the payment form;to unlock the card-based payment form, the identical biometrics ofcorrect key has to be provided. The passenger, when paying a merchantvia the card-based form, might also attach the merchant's identificationnumber or security key to the forwarded payment information; in thisway, only that merchant, who can provide the matching number or correctkey, can clear the payment.

The ACCESS CONTROL field authenticates the passenger card, verifies thecardholder, and protects access to certain information. This data fieldcomprises authenticity codes to validate the passenger card, digitalsignatures to confirm the legitimate cardholder, and authorization codesto control access to data stored in the card or in a remote database.The field further comprises applicable copyright statements or any otherdisclaimer notices with regards to data stored in the passenger card orto information being communicated with the remote databases.

The authenticity code will be stored in the card, for example, as atamper proof number that cannot be duplicated; the number is known onlyto the issuer or manufacturer of the passenger card. When presented forservice, the card can be validated via this code by comparing the codeagainst an authenticity file stored in the issuer database or byperforming a self-test of the card-based code. If there is a match orsuccessful test, the card is authentic; otherwise a forgery.

The purpose of the digital signature is to provide positive proof thatpassengers are who they say they are, similar to the name of persons aswritten by themselves. For instance, this signature is an electronicrepresentation of a distinctive mark such as a digitized signature, orof a unique characteristics such as biometrics information, of thatpassenger. The signature can also comprise appropriate cryptographickeys used to indicate the identity of that passenger. To establish thecardholder's identity, the card-based signature will be compared withthe "life" signature or biometrics provided by the passenger. If thecomparison is successful, the cardholder is legitimate; otherwise amessage will be conveyed that a positive identification could not beestablished. In the same context, a cardholder that can provide theappropriate cryptographic keys required to unlock/validate thecard-based signature, is also considered as being legitimate.

The authorization codes safeguard access to data and information whilemonitoring and controlling access to selected card data fields,including specific data elements, as well as to predetermined databases,including remote data records. These codes correspond to a set ofpredefined authorization levels that are allocated to the cardholder orto any other entity that is using the card, or communicating databetween the card and remote databases. For instance, entities attemptingto retrieve (read) or manipulate (write) a particular card data, must beauthorized to read data from or to write data into the card's datafields. Such an authorization may be achieved, for example, via a PIN orany other password-like information the entities have to provide beforethe read/write operations can be performed. For additional levels ofprotection, the identification number or security key of those entitiescan be certified with the appropriate authorization codes to yieldappropriate access rights. To gain access, including being gable tocommunicate with the card or database, the entities must provide theproper number or matching key.

The COMMUNICATIONS field comprises the means to facilitate a securecommunications exchange among and between the remote databases and thepassenger card, as well as the means to safeguard data and informationcommunicated or stored by the card user or system entities. To identifya particular card or database, a distinctive card number or uniqueaddress will be stored in the card or allocated to the database. Alsostored in the card/database can be any other specific identifier that isdistinctive or unique. A particular data element, which is stored in thecard or database, can be located via the data field section or datarecord number, as well as via the corresponding data label or addressingpointer.

The Read/Write means refer to the retrieving of data from or the loadingof data into the passenger card; the retrieved/stored data can also bedisplayed onto the card. The Send/Receive means refer to the uploadingof card-based data to a remote database or the downloading of data froma remote database into the card. This exchange of data is implemented byselectively coupling the passenger card to the database(s) via a datacommunication link; the data can also be displayed onto the card or by acomputer terminal connected to the data link. The Encrypt/Decrypt meansrefer to the compilation and employment of security keys to be attachedto the communicated or stored information. Such keys can also beincorporated into a particular access code. For example, selectedinformation or card data elements can be encrypted via a cryptographickey by the sender before being communicated to a particular entity, anddecrypted via a cryptographic key only by that entity, which isauthorized to receive the message/data. As an additional safeguardmeans, data stored in the card, as well as codes protecting accessthereto, can also be scrambled or unscrambled via this means. Forinstance, once encrypted, the data or codes can be decrypted only byauthorized users. The above cryptographic means can also be used byencoding or decoding functions that allow the related translation orconversion of information with respect to different data formats anddifferent data contents; for example, from data elements with aparticular structure to similar data elements containing a differentstructure, and vice versa; or from an information item containing aparticular number of data elements to a similar item but with adifferent number of elements, and vice versa.

The CONFIRMATION field allows the transportation provider, or any otherservice provider, to confirm a particular reservation made, or tocertify a specific service requested, via the passenger card. Forexample, a passenger purchasing an airplane ticket and reserving a carrental or a hotel room, can download the electronic ticket andreservation information with the corresponding confirmation numbersprovided by the airline, rental agency or hotel. To further safeguardthis confirmation process, the passenger's digital signature, which isstored in the card, can be exchanged automatically with thecarrier/service provider's certificates, which are stored in the remoteprovider databases. Based upon this, the certificate allows each partyin a transaction to confirm the identity of the other and serve as proofas to who requested a particular service, who committed to provide thatservice, and who forwarded the confirmation number. The exchangedcertificates can, for example, be compared against a list of originalcertificates stored in a public database, and if there is a match, theidentity of the parties is considered as being authenticated, includingthe confirmation numbers as being issued by the service providers. Inthe case the pair of certificates doesn't match, a message will beconveyed that no positive identity could be established. If scrambledwith a particular key, the certificate can be unscrambled only with thematching key, including information that is unique to the certifyingparty. Being able to unscramble the certificate is not only proof thatthe party's identity is established, but also that any informationendorsed with the certificate is authentic as well. TheInstruction-Window provides additional details or instructions about howto compile or select and how to use the card's communications andsecurity features.

The AUDIT TRAIL field stores a trail concerning the card's usage,including what data/information was loaded into the card and exchangedwith the other system entities. A typical trail comprises the date andthe location the card was utilized at, the name and related informationabout the transportation carrier used activity performed, a descriptionof the travel-related activity being implemented and service rendered,and additional comments and explanations relating to the travelitinerary or the services. This field also gathers marketing data aboutthe passenger's traveling records and purchase patterns, including thenumber and type of trips performed and of goods or services purchased;as well as where, when and what carrier or payment form was used totravel or to pay for the goods and services. This marketing data is thenforwarded to the appropriate system entities, including the serviceproviders, for analysis.

The invention also includes a method of compiling the contents of thepassenger card and of issuing the card to a legitimate cardholder; thecard contents comprising a set of data elements that are also stored andmaintained throughout the remote system databases. The method includesthe steps of verifying the identity of the cardholder and ofauthenticating the card, storing cardholder data and system entityinformation in the card, selecting and loading electronic tickets andrelated travel information into the card, storing payment informationand monetary values in the card, loading other passenger use rights andentitlements into the card, authenticating data and information storedin the card, protecting access to card data and database information,issuing the card to the legitimate cardholder, and establishing anappropriate audit trail.

The verification of the cardholder can be accomplished by checkingconventional ID documents presented by the cardholder, verifyingcardholder-related information stored in Government or other databases,or by providing security information that has to correspond to thesecurity data stored in the card. If the verification process issuccessful, the cardholder is authorized to retrieve, manipulate, orstore card data; as well as download, view, or upload databaseinformation. Upon positive identification, the cardholder can also usethe passenger card for the rights stored in the card; for example, toedit selected card data or to download an electronic ticket. The card'sauthenticity can be verified by checking the card authenticity codestored in the passenger card, including by comparing the code againstthe authenticity file stored in the system database. If the code isvalid including if there is a match, the passenger card can be used;otherwise, card service is denied.

The data and information relating to the cardholder or system entitieswill be stored in or retrieved from the passenger card via the card'scomputerized input/output means, including the card data templates, orvia a computer terminal, including the write/read device and biometricsbox. The cardholder data comprises demographics data, such as apassenger ID number or SSN; and security information, such as a PIN,biometrics characteristics, or cryptographic keys. Cardholder data canalso include an admission permit that allows security and administrativepersonnel to board a transportation carrier or to access the surroundingpremises, as well as a license for merchants that are authorized to sellgoods and services at the premises where the carrier passes through oris stationed at; the permit or license can be used in lieu of a ticketto gain admission to the carrier or premises. System informationcomprises data, such as identification numbers and security keys, aboutthe entities that interact and communicate with a passenger card. Thecard data can be inputted by a card or system user while being providedby the cardholder or captured from a media holding information to bestored in the card. The card data can also be downloaded from othersystem databases including transferred from another passenger card.

The tickets for transportation carriers and the entitlements for travelservices can be selected from among a list of available carriers andservices. Once a selection is made, a particular ticket/entitlement canbe loaded into the passenger card as an electronic representation of thecorresponding information; for example, as a boarding pass or aconfirmed hotel reservation. Such information is tamper proof and can bedownloaded only from the travel map, which coordinates the seatassignments, or from the reservation desk, which allocates the roomnumbers. The seat assignments stored in a particular card cannevertheless also be transferred into another passenger card without theneed to communicate with the travel map or reservation desk per se: oncetransferred, the original seat assignments or initial reservation willbe automatically cancelled in that particular card, so that no more thanone valid ticket or room number will be in circulation. The selectedseat assignments or reserved rooms can be displayed, checked foraccuracy, cancelled, or replaced with new assignments or differentaccommodations. The admission or service rights facilitated via thepassenger card can be of a physical nature, such as boarding a plane orpaying for an in-flight movie, or represent a virtual tool to accessgoods and services from the convenience of a home, such as orderingtravel services over the World-Wide-Web (WWW) infrastructure.

To pay for the travel tickets or the goods and services ordered andpurchased by the passenger, an appropriate monetary value will be loadedinto the passenger card. This value can be an electronic representationof traditional money, including paper/plastic-based payment formsendorsed by banks, as well as electronic payment points underwritten bynon-financial institutions including the transportation provider. Theelectronic money can be inputted as digital cash into the passengercard. The banking payment forms can be scanned and digitized by apayment reader, which is coupled to the passenger card, or downloadedfrom the bank's database via the data communication link. The scanned ordownloaded information is then stored in the passenger card as anelectronic payment form with a monetary value associated thereto. Thepayment points, which are sold or provided to the passenger by theprovider(s), can be loaded into the card via the card read/write deviceor via the data communication link from the provider's database. Thestored digital cash, payment forms, and payment points can also bedisplayed onto the card template and verified or updated, if necessary.

Besides electronic tickets, a set of other rights, services orconsiderations can be compiled and stored in the passenger card as well.This set of data allows the passenger to trigger or to receive thestored entitlements upon presentation of the passenger card. Thespecific entitlements can be automatically loaded into the card duringusage or during selection from among a menu of benefits offered to thecardholder by the service providers. For example, when used forconnecting transportation carriers, the passenger card facilitatesappropriate admission rights for the premises where the carriers pick-upthe passengers. These admission permits are automatically compiled,including time stamped, and loaded into the passenger card at thepoint-of-exit and checked at the point-of-entry stations. The passengercard also provides services that are activated by the card-basedinformation relating to a particular itinerary booked via the passengercard. Such services comprise, for example, complementary meals anddrinks, selected reading materials, or free admissions to events andattractions. The passenger card lets the cardholder also accumulatefrequent bonus points in consideration of traveling with a particularcarrier over a predetermined distance, purchasing a certain amount ofselected merchandise, or of consuming a predefined level of services viathe passenger card. These points can be exchanged later on for a freetrip or a reduced ticket price, used to buy a discounted merchandise, orapplied as a co-payment for the rendering of selected services.

To ensure the authenticity, including integrity, of data stored in thepassenger card and of information communicated between the card andremote databases, a set of pertinent information is stored in the cardand/or databases, such as validation codes to electronically earmark thepassenger entitlements or goods and services provided, identificationnumbers to identify the related items or entities, digital signatures tocertify data and information being communicated, and security keys toguarantee the integrity of card data or database information. Thispertinent information, which is associated with or related to the dataneeding authentication, is tamper proof and can be loaded into the cardor database only by the entity that is responsible to provide authenticdata or maintain the integrity thereof. If this information isscrambled, it can be unlocked only by the authorized entity, includingvia a proper key. For example, after successful unlocking, theauthenticated card data will be retrieved from the passenger card, ordownloaded from a database, and displayed onto the card or any computerterminal as legible data.

To protect access to selected card data or database information, apassenger or any other system entity can employ various protectionschemes to safeguard the individual data elements. For example,cardholders can input their PIN or biometrics information into thepassenger card, as well as scramble certain card data with appropriatesecurity keys. System entities can, for example, control access to carddata or database records via predefined access codes or various securitykeys. To gain access to the card data, the appropriate codes or keyshave to be provided by the entity attempting to do so. The providedinformation has to match, or correlate to, the one stored in the card.The same methodology applies to data that is stored and protected in adatabase; authorization to retrieve/download and store/upload thedatabase data is granted once the proper access information is provided.Copyright statements and other notices can also be stored as a deterrentto illegal activities.

After the card contents is compiled, the card, including data stored ormodified therein, can be used by the passenger authorized to do so. Thecard will be issued to cardholders that have provided proper informationidentifying the cardholders, data validating the access rights, as wellas adequate payment. The issued cards can be used by one cardholder orby any other cardholder who is also authorized to access and use thecard data. For example, an individual passenger uses the card as anairline ticket, while a group of passengers uses the card as a host forall tickets that entitle them to a chartered bus ride.

The system databases including the passenger card will also store anaudit trail about the card's usage including the editing of card dataand the communication of information between and among the remotedatabases and the passenger card.

The invention further includes a method for authorizing the cardholderto use a particular transportation carrier based upon the electronicticket and related admission rights stored in the passenger card. Themethod comprises the steps of authenticating the passenger card,identifying the cardholder, determining if the card-based ticket isvalid, compiling and loading a boarding pass into the card, deciding ifmore information should be loaded into the card, implementing multipleaccess and exit scenarios to and from the carrier, and establishing anaudit trail.

The passenger card can be authenticated via the control module of thepassenger station. When presented for admission/boarding purposes, thecontrol module will compare the authenticity code stored in the cardagainst the authenticity file stored in a remote system database. Thecontrol module can also perform a self-test of the authenticity code;for example, by verifying the integrity of the code while running aroutine that determines if the code is original and still conforming tothe card issuer's specifications. If there is a discrepancy or a testingfailure, the card will be retained and an appropriate warning messageconveyed. If there is a match or a successful test, the card isestablished to be authentic and approved for further service, includingto be used as an electronic ticket for admission or boarding purposes.

The cardholder's identity can be verified at the passenger station by acarrier/travel representative, including via selected information storedin the passenger card. For example, when presented for internationaltravel, the card can provide the cardholder's certified picture that waspreviously stored in the card or imprinted onto the card package. Thestations's control module can capture the physical appearance of thepassenger presenting the card and compare it with the picture stored inthe card per se. If there is a match, the passenger's identity isestablished; otherwise, a message conveyed that the comparison was notsuccessful. In addition, authorized personnel can also verify thepicture imprinted onto the card, as well as the passenger's demographicsinformation stored in the card; a successful verification indicates thatcardholders are who they say they are. The passenger's identity can alsobe verified via security data stored in the card and informationprovided by the cardholder. For example, if the provided informationmatches or correlates to the card-based data, the cardholder's identityis considered to be established implicitly; only the rightful cardholdercould provide such information.

The validity of the electronic ticket stored in the passenger card canbe determined by reading and verifying the ticket-related information,such as the ticket number, name of the transportation carrier, seatassignment, and date, time and location of departure or arrival. Uponcoupling the card to the passenger station, this information can beviewed and checked, or compared against the corresponding data stored ina remote database. If there is an irregularity, such as a ticket numbertampered with, erroneous seating information, obsolete date, wronglocation, or different carrier, the passenger station will convey anappropriate warning message; no passage/boarding is allowed. If theverification is successful, the ticket price will be analyzed todetermine if it falls into a regular or special pricing category. If aregular price was paid for the ticket, the passenger may proceed andboard the carrier. If the ticket has a special price tag, the passengerstation's control module calculates the price difference and conveys amessage that the requirements authorizing the special ticket price needto be confirmed as being met. For example, a lower price paid bychildren or seniors, can be confirmed via the passengers' DOB data thatis certified and stored in the passenger card, or by a photo IDpresented by those passengers. The control module retrieves the DOBdata, computes the passenger's age by subtracting this data from thedate provided by the computer clock of the passenger station, and if theresulting age is less (for kids) or more (for seniors) than apredetermined age limits, approves access to the carrier. If the agerequirements are not met, the passenger(s) must pay the appropriateprice difference to gain access to the carrier. The actual ageinformation can also be displayed, so as to be viewed by a humanoperator. In addition, a permit for a disabled person or a year-passthat is purchased at a discount price while allowing unlimited travelingvia a particular transportation carrier, might be needing confirmationas well. The rightful cardholder can be verified, for example, bycomparing biometrics information, which is certified and stored in thepassenger card, against the person's "life" biometrics, which isprovided by the cardholder claiming to be intended bearer. If thecard-based biometrics matches the life biometrics, the ownership isconfirmed and free or discounted travel granted. Also verified can bethe expiration and effective date or other terms the card-basedpermit/pass has to conform to.

After the ticket-related data, including the pricing information, isverified and confirmed, the control module can compile an appropriateboarding pass. This pass includes the time, date, and location whereaccess to the carrier was approved by the passenger station, as well aswhere admission to the premises was authorized. The pass also attachesan electronic receipt, including a ticket cancellation notice, to thecard-based ticket to prevent repeated use of the carrier via the sameticket, unless the card-based ticket is authorized for multiple usageincluding use of more than one carrier. This receipt/notice will also becommunicated with the transportation provider's database and compared,for example, against the overall capacity as well as the available seatsof that carrier. If the cumulative number--as counted by the controlmodule--of passengers that are admitted for boarding over a particulartime frame reaches a predetermined number, a message will be conveyedabout the carrier's maximum capacity being reached; additional access isdenied. If more than one card-based seating assignment matches--asindicated via the provider's database--the same ticket issued for thatcarrier, a warning message about the existence of multiple tickets withthe same seat assignment will be issued by the control module. A carrierrepresentative has to solve this matter; for example, approve boardingand update the ticket with the correct seating information, or reimbursethe double-ticketed passenger accordingly. As long as the carrier'scapacity is not reached or a particular seat assignment not claimed yetby more than one card-based ticket, the boarding pass will be loadedinto the passenger card and access to the carrier authorized. The passwill also update the database with the number of, and seatinginformation about the, tickets being admitted. In this way, the databasewill be informed in real-time about the status of all tickets the momentthey are used for access or admission purposes.

Additional information can be loaded into the passenger card by anauthorized entity, such as the service providers or cardholder per se.For example, the transport provider can store in the card a number oftravel points or information relating to promotional activities. Alsostored can be security information including identification numbers ofthe system entities loading data into the passenger card. The cardholdercan capture biometrics information and attach it to the boarding pass oradmission stamp, so as to prevent the use of the ticket by unauthorizedpersonnel. This additional information can be verified and used uponpresentation of the passenger card for service; for example, fortrade-in of points, validation of systems data, and verification of therightful ticket-holder. Also stored in the card can be a permit orlicense for admission of security/maintenance personnel or merchants.Such individuals or entities don't need to present for access purposes aticket with a valid seat assignment, but the corresponding permit orlicense stored in the card. The control module will verify the date,location, and carrier the permit or license are authorized for and ifvalid, repeat the methodology used for qualifying ticket holders foraccess. The difference is that instead of seat assignments, data about aparticular permit/license will be compared against the provider'sdatabase list that contains all valid permits and licenses. If there isa match, access is allowed; otherwise denied.

After removing or decoupling the card form the passenger station, thecardholder can board the carrier, including gain admission to thepremises where the carrier is stationed at. The passenger can alsotemporarily leave the carrier/premises, and return without having topurchase another travel ticket. The passenger can also use the sameboarding pass to gain access to more than one carrier or premises; forinstance, when using the same ticket for connections during a particularitinerary or for multiple use. To do so, the passenger card will becoupled to the control module installed at, or monitoring by, the exitgate. The module will check the boarding pass previously stored in thecard and if valid, compile an appropriate exit stamp, or a transferstamp in the case of connecting carriers. The module will now load thestamp(s) together with the time and location of exit, as well asidentifying data and other information relating to the carrier, into thepassenger card. The passenger decouples the card and exits the premisesor departs from the carrier with the intent of returning or usinganother carrier. When presented at the entry gate within a predeterminedtime period, the exit/transfer stamp will be verified and if authentic,grant re-entry to the premises or access to the carrier. If the exitstamp is missing or determined to be invalid, free passage or access tothe carrier will be denied. Passengers can also capture their biometricsinformation and attach it to the exit stamp, so that nobody else can usethe passenger card for re-entry purposes. Biometrics can also beemployed for re-entry if no boarding pass, including no seatassignments, is stored in the card; this would be the case of themaintenance/security personnel or on-site vendors who may frequentlyenter and exit the carrier/premises. By making the exit gate accessibleonly from the premises where the carrier is stationed at or passingthrough, only cardholders already on the premises can use the biometricsbox installed at the exit gate. In other words, cardholders exitingthrough the gate can load their biometrics into the card via thatbiometrics box, but personnel arriving from the outside cannot. Whenstoring biometrics information in the card, the control module at theexit gate will add a unique identification number to the capturedbiometrics; also attached will be the time and location of exit. In thisway, the control module at the entrance gate will recognize via thatidentification number if the biometrics information was actually loadedinto the card at the exit gate and if it relates to a particularcarrier/premises. If affirmative, re-entry is granted; otherwise, freeadmission is denied.

The remote system databases including the passenger card will also storean audit trail about the card usage, such as for admission andverification purposes, as well as data and information beingcommunicated between the card and remote databases.

The invention further includes a method for using the passenger card topay for the card-based ticket, as well as for goods and servicesprovided by the service providers. The method includes the steps ofverifying the card's authenticity, determining if the card-based paymentis valid, computing and authorizing the purchase amount, deciding ifadditional verifications are required, compiling an electronic receipt,clearing payments made via the card, and establishing an audit trail.

Upon presentation for the purchase of a ticket at a transportationprovider or of goods and services at a merchant location, the passengercard will be coupled to a payment database or a POS device. The card cannow be verified by comparing the authenticity code stored in the cardagainst the authenticity file stored in the database or provided by thePOS device. If there is a discrepancy, an appropriate warning messagewill be conveyed. If there is a match, the card is authentic andapproved for further service, including as an electronic payment means.The card can also be verified by any portable terminal while comparingthe card-based authenticity code against an authenticity file stored inthe portable terminal or while performing a self-test.

The validity of the electronic payment form stored in the card will bedetermined by verifying the related information including the monetaryvalue associated therewith. The payment form including relatedinformation can be verified by providing the security information thatis used by a bank or underwriter to protect the form. This informationwill be compared against, or correlated with, the corresponding datastored in the card. If there is a match/correlation, the form's validityis established; otherwise, the form is not authentic. For example,inputting the correct identification number or security key for theform, or providing the security data of the passenger who is authorizedto use that form, will unlock the payment information and activate themonetary value attached thereto. This monetary value can be anelectronic representation of traditional money, which is backed by afinancial institution, or of payment points, which are underwritten by anon-banking entity.

To pay for a particular purchase made via the card, the purchase amountwill be computed and compared against the digital cash stored in thecard. If there is enough cash, the purchase amount will be approved bythe cardholder and deducted directly from the passenger card whileupdating the digital cash balance remaining in the card; no on-lineauthorization calls are necessary. The digital payment will then beforwarded to the transportation/service provider. The received paymentwill be verified, processed, and credited to the provider's account. Ifthe passenger card simulates traditional payment means, the card canalso initiate and implement the required authorization process whilecommunicating with the financial entities authorized to approve suchpayments. Electronic payments received via a portable terminal, which isused by mobile vendors, can be transferred to the merchant database inreal-time or as a cumulation of payments at a later time. The mobilevendor can then request clearance of the electronic payments, includingthe redemption of payment points, as traditional money.

The merchant or other service provider can perform additionalverification steps with respect to the cardholder payment. For instance,if a personal electronic check was used for payment, the merchant canvalidate the cardholder's identity via a certified driver's licensestored in the card, or via a traditional ID document presented by thecardholder. The merchant can verify the driver's license number andexpiration date provided by the passenger card, or determine if thepicture recorded onto the ID document matches the cardholder'sappearance or the digital picture stored in the passenger card. If apayment was made via payment points stored in the card, the serviceprovider might want to verify if the payment points are valid or if thenon-financial entity backing those points is still in business. This canbe accomplished by determining the authenticity of the card-based pointsor by communicating with the entity to have the payment points confirmedbefore accepting them as payment. Service providers accepting paymentpoints might also want to verify if the points are used properly. Forinstance, payment points earmarked for an airline ticket shouldn't beused to pay for hotel reservations, and vice versa.

After successful verification and approval, the service provideraccepting the payment made via the passenger card, will compile and loadan electronic receipt into the card and related system databases. Thisreceipt represents proof of payment received by providers and includes,for example, the time, location, and the type of merchandise deliveredor service rendered, as well as the price paid therefor. The receipt canalso comprise the identification number or security key of the providerto confirm the provider's identity or to protect the receipt's contents.The receipt further comprises the validation codes to authenticate theprovided merchandise or rendered service.

Once forwarded via the passenger card, the monetary value can becredited to the service provider's account. If the card-based valuerepresents traditional money, the network transaction processors willclear the payment, so that the financial institution can reimburse theprovider accordingly. If electronic payment points were used for thepurchase, the points will be forwarded to the non-financial institutionwho then reimburses the provider. In both cases, the service providerscan be reimbursed with traditional money for purchases made via thecard. The providers can also keep and re-use the received payments asdigital cash. When uploading the electronic payment amounts forclearance, the service providers can also earmark the payments with asecurity key, so that proper identification and ownership is establishedwith respect to the transferred funds. In this way, the cleared paymentamounts can be deposited only to the account of those providers.

The service provider databases including the passenger card will alsostore an audit trail about the verification process, card-based paymentsperformed between the passenger and providers, and informationcommunicated between and among the remote databases including thepassenger card.

The invention further comprises methods for implementing via thepassenger card a plurality of application scenarios. The scenarios willbe facilitated by a set of application codes that are allocated to acardholder or a transportation carrier, as well as to any other entityor item the card will communicate with or refer to during the card'susage. The methods include the steps of storing application codes andrelated information in the passenger card; loading payment forms andmonetary values into the card; correlating card data to a passenger, aspecific application, or to remote database information; certifying dataand information stored in the card; protecting access to card data anddatabase information; issuing the card to the rightful cardholder;authenticating the card and verifying the cardholder requestingapplication rights; selecting and implementing a particular application;monitoring the conformity to the application rights, and establishing anaudit trail.

A set of application codes and related information will be stored in thepassenger card to qualify the passenger for the plurality ofapplications upon presentation of the card, including upon communicationwith remote databases. The codes define a particular application or useright the card is authorized for. For example, for the use of toll roadsand bridges, trucking of goods and moving of vehicles via dedicatedtransportation carriers, or for the admission of vehicles to predefinedpremises, such as parking lots, national parks, or other recreational oreducational sights. Card-based applications further comprises thetagging of luggage and correlating the luggage to the rightfulpassenger, or the identification and verification of passengers engagedin international travel. The related information supports theimplementation of a particular application while providing the necessarydata and information. The information comprises, for example, the termsand conditions the passenger card has to conform to, and the passenger'sresponsibilities; personal data, such as the cardholder's name, address,citizenship and driver's license; information about the vehicle, such asthe registration slip and insurance status; data identifying theluggage, such as size, weight, destination, item number and ownership;information about the entities that provide and maintain the card-basedinfrastructure; or data relating to the card-based ticket used fortravel purposes. Also stored will be application-specific card templatesto be used during the implementation phase of the functional applicationscenarios.

The payment forms, including a monetary value, will be loaded into thepassenger card, to pay for the privilege of using the card for aspecific application and for expenses that are occurred during cardusage. The forms are an electronic representation of paper/plastic-basedpayment means endorsed by banks. The monetary value representselectronic cash backed by banks or payment points underwritten bynon-banking entities; both representations are accepted as legal tenderfor payment purposes. The electronic cash/points can be downloaded froma checking or savings account, or from any other remote paymentdatabase, upon proper identification is provided. The monetary value canalso be inputted into the passenger card by an authorizedrepresentative. The stored payment forms and digital cash or paymentpoints can also be displayed onto the card template, verified, and usedas is or updated, if necessary.

To correlate card-based data to persons, applications and systementities, appropriate links and inter-dependencies have to beestablished, such as built-in pointers or relationships that aredynamically compiled during the card usage. For instance, the card-baseddemographics data field can be associated with the cardholder via theholder's name, social security number, or any other unique identifier;as well as the card-based driver's license via the license number.Applications data can be combined via card-based application codes intoapplication modules or card templates that are needed for the executionof a particular application. For example, a ticket code or number for anairline ticket can store or retrieve the appropriate information aboutwho travels when, where and on what airplane. Entity-related informationstored in the card can be allocated to the entity that provides theappropriate identification number or security key. For example, theissuer of a car registration document can be identified via theregistration number, or the name of the agency taking care of theluggage, can be retrieved from the card-based tag information. Tolocate, including retrieve or store, card data or database information,a label or address associated with the corresponding data element orrecord name can be used. The data and information can also becross-referenced and manipulated via a graphical user interface thatprovides a link between the passenger and systems application. In thisway, the card-based payment information can be accessed via an accountnumber or via the electronic purse embedded in the passenger card.

Selected data and information that is stored in the card or remotedatabase, as well as communicated between the card and remote databases,can be certified by an entity that is responsible to provide authenticdata or maintain the integrity thereof. The certification process canemploy, for example, the entity's digital signature to authenticate thedata/information; if signed with such a signature, it is authentic. Thecertification process can also use a security key to make sure that thedata was not tampered with during storage or communications; forexample, being able to access/unscramble it via the security key isproof that the data content is still the original one.

Access to card data or database information is implemented viapredetermined access codes or appropriate security keys. For example,cardholders can input their PIN or any other biometrics information intothe passenger card, as well as scramble selected card data with asecurity key. System entities can store a unique access code in a remotedatabase or scramble a database data record with a secret key. To gainaccess to the card or database, the matching PIN or biometrics, as wellas the appropriate code, has to be provided by the individual or entityattempting to do so. To unscramble the card/database data, theappropriate key has to be provided. If the provided key matches orcorrelates to the stored key, the data can be retrieved and viewed orcommunicated; otherwise, the data cannot be accessed.

After compiling, certifying and protecting the card contents, thepassenger card will be issued to passengers that are authorized to usethe cards for at least one application. The card, including theapplication rights stored therein will be issued to the cardholders thathave provided proper identification, proof of eligibility for thecard-based applications, and adequate payment, if applicable. The issuedcards can be used for a particular application over a predetermined timeperiod, including for a predefined number of usage, or as long as a setof predefined conditions are met. For example, a card-based travelticket can be valid for a few weeks, including for up to two trips, or adriver's license stored in the card can be used as long as the licenseis valid, including renewed by the DMV. In other words, the cards can beconfigured to allow the utilization of the cards on an one-time orrepeated use basis, including without any restrictions or whileconforming to conditions to be met after the card is issued. The cardscan be issued to a particular cardholder or shared by cardholders whoare authorized to access and use the individual card-based applicationmodules. The former can be accomplished, for example, by personalizingthe card with the card holder's personal and eligibility information,including loading the information into the appropriate card data fieldsin a relational database-like manner. The latter can be accomplished,for example, by allocating the appropriate application codes, which arestored in the card, to cardholders who can identify themselves via aunique data or any other ID-like information.

The passenger card can be authenticated via any read/write deviceinstalled at a point-of-application or via the control module coupled toa passenger station-like apparatus. For example, the authenticity codestored in the card can be compared against the authenticity file storedin a remote system database, as well as a self-test of the card-basedauthenticity code can be performed to verify the code's integrity. Ifthere is a match or a successful test, the card is established to beauthentic. If there is a discrepancy or a test failure, the card will beretained including an appropriate warning message conveyed. In additionto authenticating the passenger card, selected card data can bevalidated as well. This can be accomplished, for example, by providingthe appropriate access codes or security keys to retrieve or unlock suchdata, as well as by verifying the digital signatures used to certifysuch data.

The cardholder can be verified by checking conventional ID documentspresented by the cardholder, verifying cardholder-related informationstored in Government or other databases, or by providing securityinformation that has to correspond to the security data stored in thecard. If the documents or database data checks out, or if the providedinformation matches or correlates to the card-based data, thecardholder's identity is established. After the card is authenticatedand the cardholder identified, the card will verify or compile the datainterdependencies and correlation links for the applications to betriggered via the card. This ensures that all resources and entitiesengaged into a particular application are qualified to participate inthe implementation of that application.

The applications can be selected from among a menu of systemsapplications that are available to the passengers. The cardholder can,for example, input via a keyboard the corresponding applications code,point to such a code displayed onto a computer screen, or convey to thesystem a functional description of the application to be selected. Theselection can be made also via a card-based application code uponcoupling the passenger card to the system. To determine if theapplication request should be approved, the system will verify thecard-based code; for example, by checking if the code is authentic andif there is a viable application associated therewith. If theverification process is successful, the application can be implementedvia that card; otherwise, no application can be triggered. To implementthe above applications, a set of appropriate card templates can retrieveand display, as well as manipulate and communicate, card data anddatabase information. This data/information can be viewed, modified, orused for decision logic means to determine the way the application shallbe implemented. If additional information is required during theimplementation phase, such information can be provided via the graphicaluser interface or communicated via remote databases.

To control the conformity to or violation of the card-based applicationrights, the passenger card will provide the necessary information andsupporting evidence. For instance, the card can display a driver'slicense or registration document comprising the expiration dates andinformation about the licensee or ownership status. If a registrationfee is not paid, the card or a traffic officer will be flagging thepayment due. This status can be communicated also with the DMV'sdatabase, so as to follow-up on the actions to be taken; for example, topay the fee or to issue a ticket.

The passenger card and remote databases will also store an audit trailabout the data and information stored in the card, authentications andverifications implemented during the card usage, electronic paymentsperformed via the card, and information communicated between and amongthe remote databases including the passenger card.

To better illustrate the above system and methods, let's use thepassenger card as an electronic ticket for a travel itinerary comprisingseveral carriers and destinations, a payment carrier including amonetary value for the purchase of goods and services, as well as a hostfor various application scenarios. Also, to guarantee a secureinformation exchange and to authenticate the card data or systeminformation, a cryptography scheme based, for example, upon the publickey technology can be implemented; all entities including individualsinvolved in the exchange or authentication of scrambled data will havean unique pair of keys, a public key known to everybody and a secretprivate key known only to a particular entity. The public key caninclude a certified, unique mailing address or public telephone number,and the private key a secret combination of alphanumeric characters or abiometrics characteristics of an individual. In this way, a sender cancommunicate secure messages to a receiver while encrypting the messageswith the public key of that receiver prior to transmission. Thetransmitted message can be decrypted only by the corresponding privatekey of the receiver (e.g. addressee); only the addressee on the envelopecan open the envelope and read the letter. Besides, any informationencrypted with the private key of a sender can be decrypted only by thecorresponding (e.g. sender's) public key; the letter signed via theprivate key is therefore authentic and was send by that sender.

The public key technology, including the related security protocolsemployed for communications, can also be used to store a public keycertificate in the passenger card. The certificate is tamper proof,cannot be duplicated, and can be used to certify or authenticate dataand information it is associated with. For example, a particularcertification center can load such a certificate into the passenger cardas a digital signature; the signature can be attached to a selected carddata or associated with particular information stored at a remotelocation. Afterwards, the digital signature provided by the passengercard can be used to access and unscramble that certified data orinformation, so that the data/information can be retrieved or downloadedand displayed or printed-out in a plain or legible manner. The fact thatthe data/information could be accessed and unscrambled with thecard-based certificate is proof that it was certified by that particularcertification center; if access is denied, the certificate could be afake or the data/information tampered with. The signature can alsoautomatically "pop-up" when card data or remote information, which iscertified via that signature, is retrieved and displayed. Oncedisplayed, the signature can be compared against the official signatureof the certification center; this can be done by uploading the signatureto the center's database for comparison or by verifying the card-basedsignature against a list of valid signatures provided by that center. Ifthe comparison/verification is successful, the signature is establishedto be valid, as well as the card data "signed" therewith to becertified. In the case the retrieved/displayed signature is scrambled,the signature can be verified by using the certification center's publickey to unscramble it. If the signature can be deciphered via this publickey, the data/information was indeed signed by that certificationcenter; otherwise, the signature cannot be relied upon because it mightbe a fake. The public key certificate can also be used to confirm theidentities of cardholders and service providers involved in card-basedtransactions. To allow each party in a transaction to confirm theidentity of the other, the electronic certificate stored in thepassenger card will be exchanged automatically with the digitalcertificate stored in the merchant database. In this way, thecertificates can authenticate off-line payment transactions, supporton-line debit transactions, or ensure that the to communicatedinformation including monetary values were not altered by anunauthorized entity before it is received by the merchant. Thecertificates can also proof that a passenger has indeed initiated apurchase request and forwarded the necessary payment, as well as that amerchant has received the payment and provided the product or service.

Let's start with a cardholder who is using the passenger card to planand to implement a particular trip including the related travelapplications. To aid the planning and implementation process, thecardholder will store in the passenger card a set of supporting data andinformation. This can be accomplished by coupling the card to a cardstation and by communicating with remote databases, so as to personalizethe card contents for the corresponding applications. For instance, thecardholder can input into the card a set of personal data, such as name,mailing address, telephone number. Also stored in the card can be thecard templates that are an electronic representation of the documentspertaining to the cardholder, such as the driver's license, carregistration slip, insurance papers, and passport. These documents canbe requested from the appropriate authorities, such as DMV office,insurance company and passport agency, and certified and downloaded intothe card after proper identification is provided by the cardholder. Forexample, the cardholder provides proof of automobile insurance andadequate payment to the local DMV office, which in exchange, issues theregistration slip for that automobile. This can be achieved by couplingthe passenger card to the DMV's database; communicating the card-basedinsurance information, including the demographics information of theautomobile owner's; uploading the adequate payment data, includingdeducting the payment from the card-based monetary value; verifying thecommunicated information and uploaded data, including the identity ofthe cardholder and authenticity of the electronic payment; andcertifying and downloading the car registration slip by the DMV,including storing it into the passenger card. Further stored in the cardcan be electronic payment forms including a monetary value. Thecardholder will communicate, for example, with the bank and downloadinto the card the electronic representation of a banking credit card, aswell as an amount of electronic money from a checking account. Thecard-based credit card form and digital cash will be certified anddownloaded by the bank upon request when proper identification isprovided by the cardholder. The cardholder requesting the storage ofdocuments or payment forms in the passenger card can be verified viaseveral means. For example, by providing a particular biometricsinformation, or any other unique information, that matches or correlatesto the one on record at those authorities. The identity can also beestablished by scanning an official ID document and comparing thescanned information against information stored in a remote database orloaded into the passenger card by a certified entity. Theprovided/scanned information can be verified via computerized meansand/or by a human operator. After the card contents is compiled, thecardholder can choose the exterior "looks" of the passenger card; forexample, imprint a particular graphics and text onto the package. Thepassenger card is now ready for further use. For instance, thecardholder presents or remotely couples the passenger card to a travelcenter-like setting to explore alternative transportation means andother services needed during the planned itinerary, to make and pay forthe appropriate selections, and to load the ticket reservations andrelated information into the card. The planned trip requires an airlineticket, a hotel reservation, and a rental car. The cardholder willcommence a dialogue with the travel center's database while retrievingand displaying the travel map.

To select the return-trip airline ticket, the cardholder will input, orpoint and click onto the map, the date(s) and location(s) ofdeparture/arrival, as well as the number and type of tickets needed. Inresponse thereto, the map compiles and provides a set of possibleairlines and alternative itineraries, including the ticket price and thedeparture and arrival times associated with the individual airlines andalternative routes. Should the flight require any connections, the mapwill make additional recommendations and provide the necessaryinformation, including the type of carriers and time and location oftransfer. The map also displays any in-flight or other servicesavailable in connection with a particular airline ticket. The cardholdernow selects a particular airline for the planned flight segment. The mapwill retrieve the airplane's seating guide while displaying the floorplan including the status of seats that are still available on thatflight. Once a particular seating arrangement is selected by thecardholder, the map will display the required payment for that seat. Thecardholder will pay for the ticket via the card-based credit card formand the map will update the airplane's seating map accordingly, as wellas issue an electronic receipt for the payment received. The cardholdercan also select a particular service, such as the serving of a specialmeal or the accumulation of frequent mileage points, which is providedby the airliner. The selected seat assignment/service, including therelated application codes and other information, can now be stored inthe passenger card, as well communicated with the airliner's database.If applicable, the airliner can also attach its digital signature to thecard-based ticket/service to guarantee the authenticity thereof. Theticket-related information can also be provided as a hardcopy orimprinted onto the card package.

To select the hotel and rental car reservations, the cardholder canchoose from among a list of options provided via the travel map, orinput any other selection via the graphical user interface. Thecardholder makes a particular entry and commits to the paymentrequirement associated therewith; for example, via the card-based creditcard template. In response to the entry made, the selected hotel or caragency will confirm the appropriate reservation; by downloading thecorresponding confirmation number into the passenger card. Alsodownloaded can be additional information, such as a map with directionsabout how to get there or other services provided by the hotel/rentalcar agency. In the case of frequent mileage points to be earned, theappropriate points will be computed for the hotel room or car used bythe cardholder. These points can also be stored in the passenger card,but need to be confirmed upon check-out from the hotel or return of therental car. Also stored in the card will be the appropriate applicationcodes and other data about the hotel accommodations and the rental cararrangements. The cardholder is now set to commence the trip.

As the day of departure arrives, the cardholder drives to the airport tocatch the reserved flight. On the way there, the cardholder has to crossa toll bridge. The passenger card will be presented to the toll bothoperator, including coupled to the control module regulating the accessto the bridge. The control module will calculate the necessary farebased upon the type of car and/or number of passengers in the car; suchinformation can be captured via a camera and weight station installed atthe both, or inputted by the booth operator. The computed fare will bededucted from the card-based electronic purse and forwarded to theentity administering the bridge usage. Upon receipt of payment, theentity will load an electronic receipt into the passenger card andapprove passage of the car. The cardholder will cross the bridge andafter arrival at the airport, park the car in the long-term parkingsection. The card will be inserted into, including coupled to, thecontrol module installed at the entrance to the parking lot. The controlmodule will compile and store a parking stamp, including the time ofarrival, in the card. Additional information can also be retrieved fromthe card or provided by the control module and included into the parkingstamp. Such information comprises, for example, the car's registrationslip including the license number, the airline ticket including theticket number, or the positioning coordinates the car is parked at.These parking coordinates relate to the parking lot's layout map that isstored in the parking database; the map can also be loaded via thecontrol module into the passenger card. The cardholder will nowremove/decouple the card, board the shuttle bus, and proceed to thecheck-in counter.

Upon arrival at the check-in counter, the passenger hands the card tothe airline representative who couples the card to the system forverification purposes. The system control module will verify the ticketrelated information, including the ticket's authenticity and time ofdeparture. This can be accomplished by checking the digital signature ofthe airliner attached to the ticket at the time of purchase, and bycomparing the day and time provided by the systems clock against thedeparture day/time retrieved from the card. If the signature checks outand the timing information matches, the ticket is established as beingvalid; otherwise, a new ticket has to be used. Because this is aninternational travel, the passenger's passport will be verified as well.The passport will be retrieved from the passenger card and viewed on thecontrol module's display screen. The representative can verify thedisplayed information as is, or might request additional information tofurther verify the lawful bearer; for example, the signature of thepassenger to be entered via a signature pad. If such information matchesthe one stored in the card-based passport, the passenger is consideredto be identical with the passport bearer and authorized for boardingpurposes; otherwise, access to the plane might be denied. Aftersuccessful verification, the system compiles and loads the boarding passinto the card, as well as cancels the ticket portion, which is relatedto the flight segment(s) the passenger has been qualified for. Theboarding pass can also be printed-out as a hardcopy.

Next, the passenger will be asked about eventual luggage items that needto be checked-in. The representative will weight the luggage anddetermine the number of allowable items, as well as compile a tag to beattached to the luggage items or program a identity label that isembedded in the luggage per se. The tag/label comprises the information,such as a bar code or any other plain or encoded data, that identifiesthe passenger as owner of that luggage, as well as the destination theitem needs to be transported to. The tag-related information will alsobe loaded into the passenger card and attached to the card-based ticketas an electronic proof about what luggage has been checked-in and whothe rightful owner is. The information will further be communicated withthe system database of the airplane, so as to maintain the status of allluggage being checked-in for a particular flight. This databaseinformation also allows, prior to take-off, the matching of all luggageitems against the passengers that actually have boarded the plane. Thepassenger can now proceed to the control module, which monitors theaccess of passengers to the plane, to couple the card thereto for thepurpose of boarding the plane. The control module will verify theboarding pass, and if successful, communicate to the system databasethat a particular passenger has actually boarded the plane. The databasecan monitor in this way the seating capacity of the plane, includingsignal when the plane is full. If the boarding pass does not check out,boarding will be denied.

In the meantime, the tagged luggage will be directed to the cargo holdof the airplane; for example, as indicated by a tag-reading means, whichcan include a scanning device or wireless sensor, installed at theconveyer belt that the luggage passes by. The information retrieved fromthe tag will also be stored in the system database, so as to compile thestatus, including number and type, of luggage being loaded into thecargo hold. The arriving luggage items can be stored on afirst-come-first-load basis or grouped by type, or by any othercharacteristic, of luggage; for example, all luggage items belonging tothe same passenger can be stored adjacently in the cargo hold. Thedatabase information will also be correlated to the location aparticular luggage item is physically placed within the cargo hold. Thiscan be done, for example, by loading the layout map of the cargo holdinto the system database and by marking the luggage location(s)thereunto. In this way, a particular luggage can be located or removedin response to inputting into the system database information about thecorresponding tag or the related ticket. In other words, prior totake-off, the luggage items stored in the cargo hold can be matchedagainst the passengers who have boarded the plane. This matching can beaccomplished by comparing the information, including ticket andtag-related data, that was stored in the system database during thepre-flight check-in process with information, including cardholder andluggage-related data, that is stored in the database during the processof boarding passengers and loading luggage items into the cargo hold. Asan outcome of the comparison process, a confirmation or warning messagewill be conveyed by the system, so as to allow the implementation ofappropriate actions, including corrective actions. A successful,one-to-one match means that all luggage, which was checked-in by thepassengers, is accounted for and that all of those passengers are on theplane as well. A discrepancy means that either a certain luggage item ora particular passenger cannot be accounted for or is missing. Forinstance, a luggage identified as being checked-in and loaded into thecargo hold, but not matched with any of the passengers that have boardedthe plane, needs to be investigated. The luggage could be the itembelonging to a harmless passenger who didn't board yet, but also a bombchecked-in by a terrorist who did not board the plane. If the missingpassenger is found, the appropriate boarding pass will be coupled to thecontrol module to determine if the database comparison will now yield amatch, and if successful, the plane can take off; otherwise furtherinvestigations are needed. In the case of a suspect luggage, the itemwill be pinpointed and displayed onto the layout map of the cargo hold,inspected and/or removed by security personnel; the plane may leavewithout or with the luggage. On the other hand, the case of a passengerthat checked-in with a luggage, but with no luggage being loaded intothe cargo hold, needs investigation too. The missing luggage item needsto be traced to see if it still is on the conveyer belt, if it wasdirected somewhere else, or if it is lost. If the item is found andloaded into the cargo hold, the plane can take off; otherwise a decisionhas to be made about appropriate actions to be taken before the planetakes off.

The above process of checking-in, tagging the luggage, and issuing aboarding pass by an airline representative can also be accomplishedautomatically via the card's built-in computerized means, while couplingthe card to the passenger station-like apparatus and communicating withthe airliner's system database. After this process is successfullyaccomplished, the plane will take off and facilitate in-flight services,if any, to the passenger; for example, the serving of special meals. Thepassenger can communicate to the isle booth, which coordinates thedistribution of meal servings, the seat number such a meal should bedelivered to. This can be done by inserting or coupling the card into acard slot or to a transmitter that is connected to the booth's receiverunit. In this way, the card-based seat location and type of food will becommunicated to the distribution center of the meals. The seat location,the special meal should be delivered to, can also be projectedautomatically onto a seating map display installed in the both; theseating information being retrieved from the airliner's database thatchecked-in the passenger, and read the card-based application codeindicating the special meal item to be served for a particularpassenger.

Upon arrival at the destination, the passenger proceeds to the baggageclaim to pick-up the luggage items that have been previously checked-in.The passenger removes the luggage, as identified by the tag affixed tothe luggage, from the conveyer belt and proceeds to the exit gate whilecoupling the passenger card to the control module installed at thatgate. To establish proper ownership of the luggage, the control modulewill read the tag-based data and compares the data with the tag-relatedinformation that was stored in the passenger card during the check-inprocess. If there is a match, the passenger can exit with the identifiedluggage items and the control module will update the airliner's databaseaccordingly. In this way, the database will also establish proof thatthe airliner did not loose any luggage and that the passenger actuallyremoved the luggage. If there is a discrepancy, a message will beconveyed that the passenger card does not contain tagging informationthat matches the tag on the luggage. An alarm may sound and/or the exitgate may block passage of individuals trying to remove luggage items notbelonging to them. To further validate the ownership of luggage items,additional verification steps might be necessary. For instance, if thecontrol module detects a biometrics information being associated withthe tag-related data or information, the passenger must provide thematching "life" biometrics to establish proper ownership. If theprovided biometrics does not match the biometrics information previouslystored in the passenger card and/or attached to the tag, the controlmodule will convey an appropriate warning message.

To improve the effectiveness of the baggage claim operations, theinvention further provides a means for pinpointing, sorting andtransporting the luggage items more efficiently onto the carousel. Thiswill be achieved, for example, by installing a claim box the passengerscan couple their card to, and a baggage sorter module the luggage itemsretrieved from the cargo hold will pass by. The claim box reads thetag-related information stored in the card and communicates theinformation to the sorter module. In response thereto, the sorter moduleplaces the luggage, which is identified by the tag that matches thecommunicated information, onto the carousel, so as to allow the luggageitems to be available on a first-come-first-serve basis. Besides, ifmore than one item belongs to a passenger, the items can be transportedunto the carrousel as a group of items as compared to individual itemsarriving at different time periods. Passengers arriving to pick-up theirluggage can also couple their card to the airliner's system database tolet the database inform the sorter module which luggage to retrieve,including the number and order thereof. In response thereto, the sortermodule will scan the tags affixed onto the luggage items, andautomatically load the items onto the carousel belt. The sorter can alsodisplay the tag-related information, including the order the luggageshould be transported to the baggage claim area, so as to allow aluggage handler to do the actual loading.

The passenger removes the luggage item(s) from the carousel, exits fromthe baggage claim, and proceeds to the rental car agency to pick-up thecar that was reserved via the passenger card. The agency representativecouples the card, for example, via a card terminal or wireless means, tothe database of the rental car provider's system, so as to verify thecardholder's eligibility and the car's availability. Thesystem/representative will verify the confirmation number stored in thepassenger card and compare it with the confirmation information storedin the rental car database. If there is a match, the system willretrieve and compile the contractual document that allows the passengerto drive a particular rental car. This can be achieved by automaticallyinputting into the document the appropriate data and information fromthe database or the passenger card; for example, the make/model andlicense number of the rental car, or the passenger's personal data andthe information relating to the driver's license. Also retrieved fromthe passenger card can be the credit card account number for the purposeof waiving certain insurance clauses. If applicable, the card-baseddriver's license can be verified as well; for example, by displayingonto a computer screen the electronic picture associated therewith, orby communicating the license number to the DMV database for furtherverification. If the picture matches the physical appearance of thecardholder, or the card-based data correlates to the DMV databaseinformation, the driver's license is established as being authentic. Thedriver's license can also be authenticated via the DMV's digitalsignature, if such a signature is attached to the license. Also inputtedinto the contract-template can be additional terms and conditions, suchas the number of days or miles the car can be driven for, as well as thedrop-off location for the rental car. The passenger can now sign, forexample, via a signature pad, the contract; the contractual document canbe stored in the passenger card and/or printed out as a hardcopy. Alsoloaded into the passenger card can be an electronic key for the caridentified via the license number stored in the contract, a layout ofthe lot the rental car is parked at, or a street map of thesurroundings. The card-based key can be used, for example, to open thedoor or to start the ignition of the rental car at the date specified inthe contract. This can be accomplished by installing or coupling acontrol module to the door lock or ignition system. The control modulereads the card-based key and contract, and compares the license numberand date included therein with the license number of the car provided bythe control module and the date provided by the system clock. If thereis a match, or date compliance, the door can be opened or the car bestarted. The passenger can also display onto the card the parking lot topinpoint the car's location in response to inputting the car's licensenumber, or the street map to communicate with the car and/or a providerof GPS (Global Positioning System) services when driving on the freeway.

The passenger leaves the rental car premises and heads towards the hotelwhile inputting into the GPS system the destination and request forpositioning. As a response thereto, the GPS determines and lays out ontothe street map the positioning coordinates of the car and possibleroutes leading to that destination. The GPS capability can also compilea dynamic track, including velocity and time, of the car as it moves onthe freeway. This mobile track can be displayed onto the passenger cardor a display mounted within the car, while illustrating any deviationfrom the directions that are recommended by the card-based street map.Upon arrival at the hotel, the passenger presents the passenger card tothe registration desk. The card will be coupled to the hotel's databaseand a verification process, similar to the one performed at the rentalcar place, will be accomplished. For instance, the card-basedconfirmation number verified against the number stored in the database,card-based data and other information automatically retrieved andinputted into a registration slip, the stay at the hotel backed-up bythe credit card form stored in the passenger card and by the digitalsignature provided by the cardholder, and appropriate data loaded intothe passenger card or provided as a hardcopy. As a result, the hotelaccommodation will be validated and stored in the passenger card as theappropriate room number and applicable time period. In this way, thepassenger card can be used as an electronic key to gain access to thathotel room. This can be accomplished by installing at the entrance tothe hotel room a control module that reads the card-based access key.The control module verifies the card-based room number and date(s)associated therewith. If the number and date match the room number andthe date provided by the control module and the system clock, the doorcan be opened; otherwise, a warning message will be conveyed that theroom number is wrong and/or accommodation is expired and no access canbe granted.

After settling in to the room, the passenger decides to do somesight-seeing while driving to a national park located nearby. On thehighway, the passenger will be stopped by a traffic officer for aspeeding violation. The officer states the reason for stopping the carand requests to see some documents, such as the driver's license,registration slip/rental contract, and proof of insurance. The driverpresents the passenger card, which contains those documents, and to viewor verify this card data, the data can be retrieved and displayed, aswell as communicated and compared against information stored in a remotedatabase. The traffic officer can verify the displayed information orupload it for comparison with a remote database, and proceedaccordingly. For example, the driver's license or other documents can bedisplayed within a card-based template(s) and viewed by the trafficofficer. In this way, the displayed picture of the driver can beverified against the physical appearance of the cardholder, as well asthe text of the rental agreement or insurance document read by theofficer. The card can also be coupled to the officer's laptop, or to anyother remote system database, for further verification purposes. Forexample, the officer can cross-check the contents of the documents withthe database(s) of the DMV office, rental agency, or insurance provider.In this way, the driver's license number can be checked against a listof valid license numbers maintained by the DMV, the rental agreement canbe compared against a list of contracts maintained by the rental agency,and the policy number plus expiration date and related coverageinformation can be verified against a list of policy holders maintainedby the automobile insurer. If there are some problems with thedocuments, appropriate actions will be taken; for example, if thedriver's license is expired or suspended, the officer will cancel thecard-based driver's license and issue a ticket for driving without avalid license, as well as communicate the implemented measures to theDMV database. If the card-based documents are in order, the officer willcompile the speeding ticket. This can be done by selecting the relatedticket template from among a list of predefined templates stored in thelaptop/system database and displaying the template onto the laptop. Theticket can be filled-out, for example, by automatically retrieving fromthe passenger card, and electronically inputting into the template,information that relates to the driver and rental car. The officer canalso input additional information, such as the badge ID number, date ofrequired court appearance, or any other data about the circumstancesrelating to the traffic violation. The driver will now sign the ticket;for example, via a signature pad coupled to the laptop. The ticket,including ticket number, can be stored in the passenger card orprinted-out as a hardcopy. The ticket information will also becommunicated with the database(s) of the DMV and county clerk's officefor further processing and follow-up purposes. For instance, if thepassenger card will be coupled later on to the clerk's database to paythe speeding fine, the database will retrieve the card-based ticketnumber and look-up the data record referenced by the ticket number.Based upon that record, the database will determine the payment due orany other terms, such as the date of a court appearance, that relate tothe speeding ticket. Once adequate payment is provided, for example, viathe card-based monetary value, the clerk's database will inform allappropriate entities, such as the DMV office or insurance agencies,about the status of that particular case. In addition, the clerk'sdatabase will also be updated to consider the case closed and to load anelectronic confirmation thereabout into the passenger card. Thepassenger proceeds to the national park and upon arrival, couples thepassenger card to the control module installed at the entrance to thepark. The module will read the card-based data or scan the car todetermine the type of car and number of passengers in the car. Basedupon the findings, the module will determine the entrance fee; forexample, a fixed fee per passenger car plus an incremental fee per eachpassenger. A park ranger can also instruct the module to download themap and view points of the park into the passenger card; suchinformation can be displayed later onto a card template and used by thepark-visitor for orientation purposes. The passenger uses the card-basedmonetary value to pay for the admission fee and enters the park.

The next day, the passenger decides to visit one of the surroundingcities and to use the public transportation means available throughoutthe city. The passenger stops at the city's information center andcouples the card to a travel map to compile a particular trip. Forinstance, the passenger points and clicks onto the departure anddestination locations, which are displayed on the map, enters the numberof tickets requested, and selects the date/time the tickets should bevalid for. In response thereto, the map determines the transportationcarriers required for the trip, including necessary connections, andcomputes the price of the round-trip ticket. The passenger confirms thetrip compiled by the map, or explores alternative routes, and pays forthe ticket(s). Upon adequate payment being received, the map will storethe electronic ticket, including the use rights for the carriers andconnecting travel segments, into the passenger card. Also downloadedinto the passenger card can be the street map of the city, includingpoints of interest or a restaurant guide. The passenger card is nowready to be used accordingly; for instance, on a bus, street car and aferry, as well as for all-day rides on the subway. To board thetransportation carriers, the passenger will couple the card to thecontrol module(s) of the passenger station-like fixture that monitorsaccess to and exit from the carriers. For example, to board the bus, thecontrol module (at the entrance door) reads the card-based ticket, andin response thereto, compiles and stores the related admission stamp inthe passenger card, and grants access to the bus; the ticket portion forthe bus ride will be cancelled. When leaving the bus to continue thetrip via the street car, the control module (at the exit door) will readthe card-based ticket and bus-admission stamp, and in response thereto,compile and store a related exit stamp into the passenger card. To boardthe street car, the control module (at the entrance door) will read thecard-based data, compile and load into the passenger card an admissionstamp for the use of the street car; the admission stamp for the buswill be cancelled. To continue on the ferry boat, the previousmethodology of using the passenger card for connecting carriers will berepeated. On the other hand, to facilitate the multiple rides on thesubway, the control module will compile and store a master-admissionstamp in the passenger card. This stamp can be valid for a predefinedsection of the subway network, as well as for a predetermined timeperiod. When transferring from one subway vehicle to another, thecontrol module at the corresponding entrance gates will read themaster-admission stamp and automatically compile and store the relatedslave-admission stamps in the passenger card. These latter stamps allowaccess to the connecting vehicles as identified by the master-stamp,including for the time period as specified by the card-based ticket.After the one-day tour is over, the passenger decides to spent the nextfew days to visit more points of interest located throughout the city.To plan those additional trips, the passenger will input into the cardthe places to be visited, as well as the related dates and times. Theplanning process can be accomplished by retrieving and displaying thecard-based street map, selecting on the map the points of interest, aswell as by compiling and inputting into the card the schedule concerningthose future trips. The schedule will comprise the name and location ofthose places, as well as the time-stamps associated with the plannedtrips. In this way, the card-based schedule provides the guiding supportand time management functions for the trips to come. For example, thecard will indicate the positioning coordinates of the passenger and ofthe places to be visited while also flagging the location "next-in-line"or any deviations from the planned itinerary. The card-based schedulewill also display, or convey to the cardholder, the date/time of theupcoming point of visit while also reminding the passenger about howmuch time is needed to get there. For example, the system determines thedistance between the passenger's positioning coordinates and those ofthe place to be visited next, and in response thereto, computes the timeneeded to get there as a function of the transportation means availableto the passenger. This required time will be compared against the actualamount of time available to the cardholder for reaching the scheduleddestination; the available time will be calculated by subtracting thecard/system clock from the timing data stored in the card-basedschedule. Based upon this comparison, the card/system will advice thepassenger about when to leave the present location, how fast to drive,or what other transportation carrier would be most appropriate to take,to reach the destination in time.

As departure time arrives, the passenger will check-out from the hotel,return the rental car, and board the plane. The bills for the hotel/carcan also be paid via the passenger card. For instance, by coupling thecard to the hotel's database to retrieve the bill as identified via thecard-based room number. The electronic bill will be downloaded into anddisplayed onto a card-based template while showing the itemized chargesand date(s) of occurrence. After forwarding the appropriate payment, forexample, by deducting the amount due from the card-based monetary value,the hotel will compile and load an electronic receipt into the passengercard. In addition, the card-based key will be erased to prevent furtheraccess to any of the hotel's room. When dropping-off the rental car, thecard will be coupled to the rental car agency's database to compile thebill as related to the card-based contract number, including thedriver's name. The amount due by the passenger is a function of thecontractual agreement and of the actual car utilization (e.g., number ofdays, mileage driven, or amount of gas left in the tank). The electronicbill will be downloaded into and displayed onto a card-based templatewhile showing the amount and date of expenses incurred. After adequatepayment is provided, an electronic receipt will be loaded into thepassenger card, as well as the card-based key, which was used to openthe car's door or to start the ignition, deleted. If enrolled into afrequent travel program, the passenger card will be credited with thecorresponding bonus points in exchange for staying at the hotel anddriving the rental car.

When arriving at the airport, the methodology used previously tocheck-in the passenger will be repeated; for example, the passengeridentified, the card-based ticket verified, and the luggage loaded ontothe plane. The passenger boards the plane and enjoys the flight home. Aslanding time nears, the immigration/custom form needs to be filled out.This can be done via the passenger card by displaying the form onto acard-based template; the form can be stored in the passenger card or inany other mobile terminal, including downloaded from the airliner'sdatabase or scanned from a hardcopy. The template will retrieve selectedinformation, which was previously stored in data fields of the passengercard, and automatically load the information into the form-template.Such information comprises the passenger's name, residence, andcitizenship, as well as flight-related data including the airline'sname, flight number and location/country of take-off. The template willalso facilitate the inputting of additional data by the passenger perse. For instance, a description of items to be declared or a note thatnone of such items are present, or a statement about the nature of thetrip or the length of stay. After the form is filled-out, the passengerwill sign it via a signature pad, or any other handwriting recognitionmeans, and store the form in the passenger card; the form can also beprinted out as a hardcopy.

After landing at the international airport, the passenger proceeds tothe immigration/customs booths for clearance. The passenger card will becoupled to the control module monitoring passage through those boothsand in response thereto, the control module will verify the passport andcustoms form that are stored in the card. For example, the module willretrieve and display the passenger's citizenship information andpicture; this information can be analyzed, including compared againstthe physical appearance of the passenger. The module can alsocross-check the passport data against Government databases, so as todetect any outstanding warrants, individuals convicted or suspected ofcriminal activities, cardholders who match the profile of possible drugtraffickers, or any passenger that should be investigated beforeadmittance is allowed. In the case a passenger is suspected of wrongdoings and an appropriate court order is issued, the control module cansound a silent alarm or load an electronic tracer into the passengercard. This tracer can be pinpointed and intercepted by law enforcementagents that are in charge of surveillance for that particular passenger.Similar to the passport-related data, the information stored in thecustoms form can be verified as well. For example, the control modulecan retrieve and display the form onto the card template and allow thecustoms agent to evaluate the inputted data. The agent can alsocommunicate with remote databases to determine if the form-basedinformation justifies any follow-up or further investigation. Forexample, passengers with a history of trying to smuggle foreignagricultural items or import animals on the endangered species list,might be scrutinized more closely to see if any laws are violated orquarantine measures are applicable. After the immigration/custom checksare accomplished, an appropriate "approval" stamp can be stored in thecard while clearing the passenger for passage.

The electronic documents and forms stored in the passenger card canfurther automate the method of admitting or rejecting the passengers.For instance, upon arrival for clearance the passengers will beinstructed to first choose one of the gates marked with a "US citizens"or "legal residence/green cards" or "aliens" sign. The passengers willselect and pass through a particular gate while coupling the passengercard to the control module that monitors the passenger flow through thatparticular gate. The control module will read the card-basedinformation, comprising the personal data, airline ticket/boarding pass,passport, and immigration form. In response thereto, the module canautomatically verify the card-based data, as well as communicate inreal-time with remote databases to compare selected card data againstinformation maintained by the Government or by international lawenforcement agencies. As an outcome of the verification step, thecontrol module directs the passenger flow accordingly; for example, viaa green light signaling to proceed to the exit, via a yellow lightindicating to provide additional information, or via a red light to stopand pass through a different gate marked with a "INS-Agent" sign.Passengers, who are cautioned with a yellow light, might be required toprovide a particular biometrics information to the control module; forexample, their fingerprints to be captured for comparison withbiometrics information stored in a remote database, or their "life"picture to be scanned for examination by an agent stationed at a remotelocation. Next, the passenger proceeds to the baggage claim to pick-upthe luggage items while claiming the items that match the card-basedluggage tag(s). To exit with the luggage, the passenger is instructed tochoose one of the gates marked with the "to declare" or "nothing todeclare" sign, as well as couple the passenger card to the appropriatecontrol module. The verification method described above will berepeated, including the card-based customs form verified. As a functionof the verification process, the passengers will be directed via a greenor yellow light to proceed, or via a red light to stop by at a gatemarked with the "Customs-Agent" sign.

After successful clearing, the passenger will proceed via the airportshuttle to the long-term parking lot. To locate the space thepassenger's car is parked at, the passenger can input the car's licensenumber and in response thereto, the card will display the car's locationonto the parking lot map, which was previously stored in the card. Thepassenger card can also be coupled to the control module of the parkinglot. The module will read the parking stamp, which was previously storedin the passenger card, retrieve the positioning coordinates associatedtherewith, and display the corresponding location of the car. To exitthe parking lot, the control module at the exit gate will read andverify the card-based parking stamp, determine the applicable parkingfee and display the amount due. The fee is a function of the number ofdays/hours the car was parked. This number will be computed bysubtracting the date/time of arrival, which was stored in the card-basedparking stamp, from the date/time of exit, which is provided by thesystem clock. The passenger pays via the card-based monetary value, andin response thereto, the control module loads an appropriate receiptinto the card and opens the exit ramp. The passenger exits the parkinglot and drives home.

As time goes by, the passenger realizes that the card-based passportneeds to be renewed and decides to renew it remotely via the followingmethod; the method described below can also be applied for the remoterenewal or issuance of any other ID document, license, or permit-likedocument that is endorsed by an authorized entity.

The passenger will display the card-based template representing thepassport application form while inputting the necessary data; theform-template can be stored in the passenger card or downloaded from aremote database. The data entries comprise demographics information,such as name, permanent and mailing address, telephone number, and SSN;as well as additional personal data, such as gender, date and place ofbirth, height, and hair and eye color. Also included is informationabout travel plans and an emergency contact, as well as data related tothe most recent passport, such as passport number, and date and place ofissuance. This data can be entered by the passenger via keyboard orwireless means, or electronically retrieved from the old passportdocument; the old passport can be stored in the passenger card orprovided as a machine readable document. After the data entries aremade, the passenger will read and sign and date the oath/affidavitstatement; for example, via a handwriting recognition means coupled toor included within the passenger card. If previously certified by acertification center, the passenger's digital signature can also beincluded into the form-template as is; for example, retrieved fromwithin the card or downloaded from the center's database. To completethe application form, the passenger's photo has to be included as well.The two recent identical photos, which have to conform to therequirements imposed by the passport services agency, can be providedvia a digitized picture of the passenger's physical appearance. Thispicture can be scanned-in via a biometrics box that is coupled to orembedded within the passenger card, as well as retrieved via acard-based picture-template or downloaded via an on-line communicationmeans from a remote database. The picture stored in the card or databasehas to be taken within a predetermined time period, including reflectthe actual appearance of the passenger at the time of renewal. Thecompleted and signed form will be stored in the passenger card andcommunicated/uploaded together to the passport services agency forfurther processing. The cardholder will also forward adequate payment;for example, via the digital cash stored in the passenger card. Theagency will verify the uploaded application, for example, by comparingthe provided information against data stored in a Government databaseincluding the old passport data and photo of the applicant, as well asby clearing the electronic payment.

Upon approval of the application, the agency will renew/issue the newpassport while compiling the electronic passport for that passenger. Thecompiled information can be stored in the agency database, includingdownloaded into the passenger card. To control access to the newpassport data, the agency can protect the data via security informationthat is unique to the rightful passport-holder. For example, to downloadthe new passport into the passenger card, the passenger has to providethe matching SSN or signature. For more sophisticated protectionschemes, the agency can encrypt the passport data with a secret key orthe passenger's biometrics and the passenger has to provide the secretkey or matching biometrics to download and unlock the passport data. Theagency can also attach to the data a public key certificate to certifythe passport as being issued by that agency. After access is allowed,the new passport will be stored in the passenger card while overwritingthe old passport data. The card-based, old passport data can also cancelitself automatically if a predetermined condition is met; for example,the expiration date of the old passport will be compared against thedate provided by the system clock, and if the expiration date hasreached or gone beyond the systems date, that passport will be erased.The new passport data will be provided as an electronic representationof a conventional passport document. This electronic passport-templateis tamper proof while also allowing selected entries to be made lateron. The tamper proof, electronic pages (e.g. card-based data fields) ofthe passport comprise the passport number, as well as the bearer's photoand other personal data and information about the legitimatepassport-holder. These pages further comprise coded data and otherimportant information provided by the passport agency. The latterinformation refers to health matters, customs service, restrictions andimport rules, additional travel information, as well as instructionsabout how to proceed in the case of lost, theft or destruction of thepassport. This information also spells out the rights andresponsibilities of all U.S. citizens and of visitors when entering theUnited States. Included into this information are also pointers andtelephone numbers to Government pamphlets and databases where one canorder or look-up more detailed information relating to passport holders.This information can only be displayed, viewed, or printed-out; noalterations are possible. The entries allowed to be made onto certainpages, refer to the bearer's name and address in the USA/abroad to beinputted by the passport-holder, visa-related entries to be made byforeign officials, or amendments and endorsements to be compiled byauthorized entities. For instance, if applying for a visa, the methodused for the renewal of the passport can also be employed to obtain thatvisa. The passport-holder displays the visa-application form, fills itout, attaches adequate payment, and uploads the information to theforeign embassy/consulate. Upon approval, the visa will be downloadedinto the passenger card and stored in the passport-template that wasidentified by the passport number or via other unique informationrelating to the visa-applicant. In the same context, the passport holdercan also couple the card to a healthcare database including the holder'smedical record, and download any information about requiredvaccinations, such as an International Certificate of Vaccinationagainst yellow fever, and store it in the immunization-template. Thepassport bearer can also download recommendations about othervaccinations or medications and certain preventive measures advisablefor travelers. To make sure the card-based immunization pass is up todate, the passport holder can contact a healthcare provider, anddownload the appropriate information upon providing properidentification; the care provider can also certify the downloadedinformation to proof the authenticity thereof. The card can be furthercoupled to an insurance database, to downloaded proof of healthinsurance, which might be required outside the U.S.A., into the card.

I claim:
 1. A driver's license card, comprising:a memory for storing inthe card a driver's license document issued to a particular cardholder;and input/output means for entering or retrieving card data includinginformation relating to said driver's license document; said driver'slicense document comprising cardholder biometrics information includinga driver's picture; said input/output means comprising means for on-lineupdating of license related information, including the expiration dateof the document, previously stored in the card; said input/output meansfurther comprising:means for retrieving data, including the driver'spicture stored in the card; and means for displaying the data includingsaid driver's picture onto the card.
 2. The card in claim 1, whereinsaid memory further comprising:a registration slip for a motor vehicleoperated by said particular cardholder; and evidence of liabilityinsurance or other form of financial responsibility pertaining to saidmotor vehicle and said particular cardholder; the registration andinsurance documents comprising the effective and expiration dates of thedocuments.
 3. The card in claim 2, further including a means forcompiling said registration slip to be stored in the card;comprising:means for coupling the card to a DMV registration database;means for uploading to the database a set of card data comprisinginformation relating to said motor vehicle; and means for subsequentlystoring in the card said registration slip downloaded by the database;said set of card data further comprising proof of automobile insuranceby said particular cardholder and an adequate payment means for theregistration fee.
 4. The card in claim 2, further including means forstoring a ticket issued to said particular cardholder by a trafficofficer, comprising:means for coupling the card to said trafficofficer's laptop computer including a remote database; means foruploading to said remote database a card data comprising said driver'slicense document; and means for subsequently downloading into the cardsaid ticket compiled by said traffic officer and signed by saidparticular cardholder.
 5. The card in claim 4, further including meansfor following-up on said ticket; comprising:means for subsequentlycoupling the card to a traffic court database; means for communicatingto the court's database the card-based ticket, including a request for acourt hearing or a commitment to pay an applicable fine; and means forsubsequently storing into the card the court's decision including a datefor said court hearing or a means for voiding the card-based ticket. 6.The card in claim 5, further including means for paying said applicablefine; comprising:means for coupling the card to a ticket paymentdatabase; means for debiting a monetary value from a payment meanspreviously stored in the card; means for uploading the debited paymentto the database to pay the fine; and means for subsequently storing inthe card a receipt compiled by the court upon receipt of said applicablefine.
 7. The card in claim 1 further including means for on-line renewalof a card-based document including said driver's license document,comprising:means for coupling the card to a remote database including aDMV (Department of Motor Vehicles) entity; downloading databaseinformation including a new document data into the card; and replacingthe older version of said card-based document with the new data; saidnew document data comprising the new expiration date of the reneweddocument and the most recent picture of the document bearer.
 8. The cardin claim 1 wherein said driver's license card is a smart card comprisingsaid memory and input/output means.
 9. The card in claim 1 wherein saiddriver's license card is a handheld device including a pocket-sizecomputer.